ClusterXL From win2003 to SPLAT

[al00ha]

Hi.

Anyone has any experience of upgrading a Cluster XL environment from win2003 to SPLAT?

Is it possible to have different OS on the gateways in a Cluster XL environment during upgrade?
Upgrade the first module, reconfigure GW object, the "sic" and that stuff and after that install the policy.

Running management on win2003.

/Thanks in advance

[Lackie]

You will probably have problem with the cluster if they are on different operating systems.

[Sergej]

I have the same question from the customer. Windows Management server + Windows enforcement HA migrate to leave same Management server + SPLAT HA enforcement on new hardware.

Both cluster members must be identical. This is must. I recommend to the customer the fol owing:
1. Prepare 4-5 demo licenses on the usercenter (just for emergency issue)
2. Install and configure SPLAT on a new hardware. Configure all interfaces to be in the same networks like existing but use different IPs (e.g. existing cluster members .251 .252 for new set .241 .242)
3. Initialize SIC add SPALT objects. Use demo licenses to manage this host.
*** At this point everything is sill working
Select one of the following
4.1 Create new cluster with a new addresses on the interfaces (e.g. existing .254 new .253) and reconfigure routing on surrounding equipment to point to a new cluster
4.2 Throw away bought members from existing cluster and add new SPALT nodes.
*** Use only demo licenses. Stabilize you conifg and regenerate existing licenses after a week or two.

[al00ha]

I actually tried the upgrade yesterday and so far it seems to work.

Im using the exact same hardware on the gateway, just used a new pair of disks to the RAID set and saved the old ones in case of failure of the upgrade.

1. Installed SPLAT with the exact same config as on win2003
2. Initiated SIC
3. Started HA on SPLAT
4. Installed policy
5. pushed license to SPLAT from Smartupdate.

This took about 40 mins and i had 0 downtime on the network.The Cluster works without any problems "so far" with win2003 on one GW and SPLAT on the other.
I will let this config run for a week and then upgrade the other GW to SPLAT.


VPN-1 Pro/Express, Cluster XL, HA New Mode

GW1: Win2003 NGX R60 hfa_01
GW2: SPLAT NGX R60 hfa_02
Smartcenter: Win2003 NGX R60 hfa_01

Hardware:
HP DL380 G4
Intel MT1000 Quad

[Sergej]

This is really new for me. I thought only same OS clusters supported. I dig down to ClusterXL User Guide and find the flowing:

Introduction to State Synchronization
State Synchronization enables all machines in the cluster to be aware of the connections passing through each of the other machines. It ensures that if there is a failure in a cluster member, connections that were handled by the failed machine will be maintained by the other machines.

Every IP based service (including TCP and UDP) recognized by VPN-1 Pro is synchronized.

State Synchronization is used both by ClusterXL and by third-party OPSEC-certified clustering products.

Machines in a ClusterXL Load Sharing configuration must be synchronized. Machines in a ClusterXL High Availability configuration do not have to be synchronized, though if they are not, connections will be lost upon failover.

Synchronized Cluster Restrictions
The following restrictions apply to synchronizing cluster members:
1 Only cluster members running on the same platform can be synchronized.
For example, it is not possible to synchronize a Windows 2000 cluster member
with a Solaris 8 cluster member.
2 The cluster members must be the same software version.
For example, it is not possible to synchronize a Version NG FP3 cluster member with a version NGX cluster member.
... some other restrictions ...

All this mean that it is possible to have mixed platform cluster. But the sate sync is not possible.

[intehnet]

Quote:

Originally Posted by Sergej

All this mean that it is possible to have mixed platform cluster. But the sate sync is not possible.

that's news to me also! pretty handy for upgrades i think...

[al00ha]

Well,, by now I have tried the failover several times without any problems.
“Fw ctl pstat” shows that the sync is ok.