HA System Deployment
An eSight HA system can be a local two-node cluster (where two servers are deployed at the same site) or a remote two-node cluster (where two servers are deployed at two different sites). This mode applies to scenarios that require high reliability.
Local HA System
In this deployment mode, the eSight software is installed on both the active and standby servers. Data between the active and standby servers is synchronized through a dedicated replication line. When the active server fails, services are automatically switched to the standby server to ensure normal running of eSight.
You can set a floating IP address between the active and standby servers. In this case, devices do not need to reconnect to eSight after the active and standby switchover.
- Bond: A virtual network adapter technology. On the Linux operating system, the bond technology is used to form a virtual layer above the network adapter driver and below the data link layer. This technology binds IP addresses and MAC addresses of two server network adapters connected to switches into one IP address and one MAC address, forming a virtual network adapter.
- Bond protection is not supported in the VM two-node cluster scenario.
- Figure 4-5 shows the networking structure when the southbound and northbound services are not isolated.
- If the southbound and northbound services are isolated, the network will be divided into two networks: southbound network (where devices reside) and northbound network (where the upper-layer NMS, third-party system, and client reside). The northbound network cannot directly access devices on the southbound network. Therefore, devices and other network facilities are isolated, enhancing device security and reducing attack risks. Figure 4-6 shows the networking structure.
- The multi-subnet management function of eSight conflicts with the southbound and northbound service isolation function. If the southbound and northbound service isolation function is enabled, the multi-subnet management function cannot be enabled.
- In southbound and northbound isolation scenarios, the Web NMS function of network devices is unavailable. To use this function, choose Resource > Network > Network Device from the main menu and click a device name. On the displayed NE manager page, choose Device Config > Web NMS.
- Distributed server deployment in a Veritas two-node cluster (NTC) does not support southbound and northbound isolation.
- In the distributed deployment (NTC) scenario, the southbound IP address needs to be used for installation and connection and the distributed server cannot be managed by the maintenance tool.
Remote HA System
In this deployment mode, the eSight software is installed on both the active and standby servers. The two servers can be deployed in geographically-dispersed places. In case of a fault on the active server, services are automatically switched to the standby server. Data between the active and standby servers is synchronized through a dedicated replication line, which ensures normal running of the eSight system.
Because the two eSight servers use different IP addresses, you must set the IP addresses of the active and standby servers on managed devices. In this case, information, such as alarms, on the devices can be automatically sent to the standby server after the active and standby switchover, which ensures normal device monitoring and management.
- The following figure shows the networking structure when the southbound and northbound services are not isolated.Figure 4-7 Remote HA system networking (The southbound and northbound services are not isolated)
- If the southbound and northbound services are isolated, the network will be divided into two networks: southbound network (where devices reside) and northbound network (where the upper-layer NMS, third-party system, and client reside). The northbound network cannot directly access devices on the southbound network. Therefore, devices and other network facilities are isolated, enhancing device security and reducing attack risks.Figure 4-8 Remote HA system networking (The southbound and northbound services are isolated)
- The multi-subnet management function of eSight conflicts with the southbound and northbound service isolation function. If the southbound and northbound service isolation function is enabled, the multi-subnet management function cannot be enabled.
- In southbound and northbound isolation scenarios, the Web NMS function of network devices is unavailable. To use this function, choose Resource > Network > Network Device from the main menu and click a device name. On the displayed NE manager page, choose Device Config > Web NMS.
- Distributed server deployment in a Veritas two-node cluster (NTC) does not support southbound and northbound isolation.
- In the distributed deployment scenario, the southbound IP address needs to be used for installation and connection and the distributed server cannot be managed by the maintenance tool.
