Configuring High Availability

At this point, the Unified Access Gateway has been deployed and you are able to access the administration console and update the appliance configuration.

In this chapter, you will learn how to enable High Availability on both deployed appliances, create a cluster, test the High Availability component when accessing an internal website through the Web Reverse Proxy Edge Service, and identify how Unified Access Gateway sets appliances in the cluster as Master and Backup.

 

1. Validating the Reverse Proxy Settings

You will validate the Web Reverse Proxy settings to access the intranet in both appliances, using the administration consoles for UAG-HA1 and UAG-HA2 that you just logged in to.

Remember to perform the following steps on both UAG-HA1 and UAG-HA2, switching between the two browser tabs as needed to validate the settings on each Unified Access Gateway.

Acessing Reverse Proxy Settings

Perform the following steps on each appliance using the administration console, it will ensure that Web Reverse Proxy is configured on each one.

  1. Click the Show toggle by Edge Service Settings. After you click, it switches to Hide.
  2. Click the gear icon next to Reverse Proxy Settings.

1.1. Selecting the Reverse Proxy Instance Settings

Adding Reverse Proxy Settings

Click the Gear icon for the intranet instance.

1.2. Validating Intranet Reverse Proxy Settings

IN BOTH APPLIANCES:

  1. Click on the More hyperlink to expand the Settings, then scroll down.
  2. Note that the Proxy Host Pattern is set to uag-vip.corp.local, which will resolve the virtual IP address that will be assigned to the Master Unified Access Gateway Appliance, which will forward the requested traffic to the respective appliance.
  3. Click Cancel at the bottom after confirming the Proxy Host Pattern on both Unified Access Gateway appliances (HA-1 and HA-2).

1.3. Close the Reverse Proxy Settings

Configuration saved sucessfully

Click Close.

1.4. Validating Reverse Proxy Configuration

Validating reverse proxy configuration for intranet
  1. Click the arrow down for the Reverse Proxy Settings.
  2. Click the refresh icon for the Edge Service Settings.
  3. Confirm the intranet proxy status is GREEN.

The reverse proxy settings for the intranet website, must be GREEN, which confirms that the appliance is able to communicate with the intranet website, otherwise it shows RED.

Note: It can take a few minutes for the intranet proxy to show as GREEN. If you do not see it, click the refresh icon in Step #2 until you see the status change to either GREEN or RED.

2. Configuring High Availability on UAG-HA1

HA on UAG HA1

As you can see on the administration console, the High Availability Settings is set as Not Configured on UAG-HA1 appliance at this point.

Click on the High Availability Gear to configure.

2.1. Adding Virtual IP Address and Group ID

Config VIP and Group ID
  1. Switch the Mode to Enabled.
  2. Enter 192.168.110.150 for the Virtual IP Address
  3. Enter 50 for the Group ID
  4. Click Save

In this configuration all the incoming traffic on 192.168.110.150 will be balanced by the cluster of Unified Access Gateway appliances on Group ID 50.

 

2.2. Monitoring High Availability State

Processing

As you save the configuration, Unified Access Gateway will broadcast a signal on the VIP subnet looking for other Appliances on the same Group ID, during that time the High Availability state will be Processing.

In the case where no other appliances are found, UAG-HA1 will become the Master and the High Availability state on the administration console will switch to Master as shown below.

NOTE - You may need to refresh the Unified Access Gateway administrator console after a few minutes to see the Processing status update to Master. Note, you will have to re-authenticate into the UAG administration console if you refresh the window after this change.

Master

3. Configuring High Availability on UAG-HA2

Now repeat the same steps to configure the High Availability settings on UAG-HA2.

From your Chrome Browser, return to the tab where you logged into the the administration console for UAG-HA2.  The URL is https://uag-ha2.corp.local:9443/admin.

The same Virtual IP Address (192.168.110.150) and Group ID (50) must be used on UAG-HA2 to make this appliance part of the same cluster where UAG-HA1 resides.

3.1. Monitoring High Availability on UAG-HA2

After perform the High Availability configuration on UAG-HA2, the high availability status will change to Backup.

NOTE - You may need to refresh the Unified Access Gateway administrator console after a few minutes to see the Processing status update to Backup. Note, you will have to re-authenticate into the UAG administration console if you refresh the window after this change.

Backup

4. Validating Virtual IP Address on the UAG-HA1 Virtual Machine

Validate VIP

Return to the vSphere Web Client to validate the assignment of the additional Virtual IP Address to the Master Appliance.

  1. Click on VM and Templates.
  2. Select the UAG-HA1 VM.
  3. You may need to click the Refresh button to update the UAG-HA1 details.
  4. Click on View all 3 IP addresses.
  5. The Virtual IP address 192.168.110.150 was assigned to the UAG-HA1 VM, the Master appliance.

Perform the same steps to view the IP addresses of the UAG-HA2 VM. Notice it still has two IP address (shown below), as this appliance is set as the Backup appliance on the High Availability stack.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.