Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 20360 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Enterprise Console and Relay, High Availibilty

CRIPete

Hi

We currently have a management server, with relay server for external clients. However we are building a second data centre and need to work out the best way managing sophos if the first site gets taken offline.

It looks like the only solution is to virtualize the servers and replicate them to the second site. The questions are:-

  1. Is this really the best way of managing this 
  2. Are we going to run into problems in the second site when we bring up the servers. As the IP addresses on the new site will be different are we going to have issues with communication between the clients relay and management server. 

Thanks

:50116


This thread was automatically locked due to age.
Parents
  • 0

    Hello CRIPete,

    I'm not aware of a (generally available) failover feature in the management server.

    Just some thoughts - I see several (might not be all) aspects which have to be considered:

    1. Where do the endpoints get their updates from (directly or indirectly)? Is a Secondary location defined managed by a SUM which updates directly from Sophos?
    2. Database - how is it kept up to date (policies, groups and group-membership at least)? You can't simply use a copy on the backup server.
    3. Network, naming, RMS considerations 

    As for 3. you can set up kind of an alternate server if it uses the same certificates. If you configure RMS to use just an alias FQDN clients (and relays) should be able to reconnect to the backup.

    What is the scenario you have in mind? A complete disaster at the primary site? Or just a temporary outage? IMO the most important part is updating. While you sooner or later need to re-establish management it's not high-priority. Then there's the question of switching back.

    Christian

    :50132
Reply
  • 0

    Hello CRIPete,

    I'm not aware of a (generally available) failover feature in the management server.

    Just some thoughts - I see several (might not be all) aspects which have to be considered:

    1. Where do the endpoints get their updates from (directly or indirectly)? Is a Secondary location defined managed by a SUM which updates directly from Sophos?
    2. Database - how is it kept up to date (policies, groups and group-membership at least)? You can't simply use a copy on the backup server.
    3. Network, naming, RMS considerations 

    As for 3. you can set up kind of an alternate server if it uses the same certificates. If you configure RMS to use just an alias FQDN clients (and relays) should be able to reconnect to the backup.

    What is the scenario you have in mind? A complete disaster at the primary site? Or just a temporary outage? IMO the most important part is updating. While you sooner or later need to re-establish management it's not high-priority. Then there's the question of switching back.

    Christian

    :50132
Children
No Data
Unfiltered HTML