Shutdown one unit in HA setup

Hej Karsten and welcome to the UTM Community!

I would not do it like that.  My recommendation is:

1. shutdown (power off) the SLAVE unit
2. physically move SLAVE unit
3. reconnect all cables to SLAVE unit and power it back on
4. wait for sync
5. shutdown (power off) the current MASTER (the unit not yet moved) and the unit already moved will become MASTER
6. repeat steps 1-3 for new SLAVE unit

Cheers - Bob

Hi Bob,

I'm in a similar situation to the above but we're moving to a new datacentre and have a pair of SG450s (UTM 9.605-1) running in an Active-Passive HA configuration that we need to move.

The new datacenter will use the same IP subnets (internal and external) as the old datacentre. Ideally rather than moving both UTMs in one go we would like to do a test of the new datacentre by moving just one of the UTMs over first, then briefly switch the routing of the internal and external IPs to the new datacentre to ensure everything works okay prior to the final cutover. My question is, is this possible? I'm not clear how this is best achieved (if actually possible). Here would be what I would hope to be able to do:

1. Shutdown UTM2 (currently Slave), leaving UTM1 running (currently Master) in old datacentre..

2. Move UTM2 to the new datacentre (not currently connected to any network), cable it up (all IPs and subnets are identical), then power it up.

3. When ready to do our test run we will disconnect the old datacentre from the network, connect the new datacentre to the network, and then route the internal and external traffic to the new datacentre.

4. Check that all expected connectivity in the new datacentre is working as it was in the old datacentre.

5. Once testing is completed, disconnect the new datacentre from the network, reconnect the old datacentre and switch the routing back to the old datacentre. Leaving UTM2 in the new datacentre.

6. When ready to do the final cutover to the new datacentre, power down UTM1, move to new datacenter and cable back up including reconnecting HA cable.

7. Power up UTM1 and let the UTMs sync.

8. Disconnect old datacentre. Switch all routing to new datacentre.

Does this sound feasible? UTM1 and UTM2 while in separate datacentre will not have any HA connectivity as only one datacentre will ever be live on the network at any one point. I guess the questions are:

- Would UTM2 on being powered back up in the new datacentre switch to being a Master as it would no longer have UTM1 connected?

- Would UTM2 go back to being a slave when UTM1 was moved over to the new datacentre and reconnected exactly as the UTMs were in the old datacentre?

Being able to test the new datacentre would help de-risk the migration as we don't want to find out there are problems on the final cutover when we bring all the servers over from the old datacentre. Any advice or comments would be gratefully received.

Thanks,

Colin

Thanks Dirk, that's great.

So UTM2 will declare itself the Master when UTM1 comes over to join it even though they will still both be Masters?

If two SG's getting together after booth are master, the device with most uptime is the new master.

I recommend to build HA connection and then start the second device.

Agreed with Dirk that this should work, Colin.  Just out of an abundance of caution I would probably disable/enable all Interfaces after powering the UTM up in the new DC - I'm not sure what will happen due to the different MAC addresses in the new DC.  Then when bringing the second UTM to the new DC, I would, again, out of an abundance of caution, do a factory reset of that device and power it down before connecting all of the cables.

Please let us know your results!

Cheers - Bob

Just an update that we successfully moved UTM2 to the new DC and brought it online. It did indeed make itself a MASTER and all connectivity worked as hoped. It handled the MAC address changes with no need to disable / enable interfaces.

We are now back running on UTM1 in the old DC and will move it up to join its HA partner in a couple of weeks. UTM1 shows the SLAVE node as DEAD currently.

UTM2 just shows MASTER and nothing else.

We have had to add some firewall rules and users since splitting the UTMs, so we want UTM1 to be the MASTER and UTM2 to sync the changes to it. I'm trying to decide, when we do join them back together in the new DC, whether to just shutdown UTM2, connect up UTM1 including HA, power up, the bring UTM2 up. Bob - I think you suggested doing a Factory Reset of UTM2 then just join it back to UTM1 and UTM2 should rebuild and Sync as a SLAVE. Is that correct? I assume I would tick the "Enable automatic configuration of new devices" setting on the HA page on UTM1?

Also, out of interest how will UTM2 get named back to being UTM2? Apologies but I've not been through the process of setting up an HA with a device that is factory reset.

Thanks.

Colin, these are the instructions I supply to my clients when adding a unit in High Availability:

1. If needed, do a quick, temporary install so that the new device can download Up2Dates.
2. Apply the Up2Dates to the same version as the current unit, do a factory reset and shutdown.
3. On the current UTM in use, on the 'Configuration' tab of 'High Availability':
   a. Enable Hot-Standby
   b. Select eth3 as the Sync NIC
   c. Configure it as Node_1
   d. Enter an encryption key (I've never found a need to remember it)
   e. Select 'Enable automatic configuration of new devices'
   f. I prefer to use 'Preferred Master: None' and 'Backup interface: Internal'
4. Cable eth3 to eth3 on the new device.
5. Cable all of the other NICs exactly as they are on the original UTM.
6. Power up the new device and wait for the good news. [;)]

It sounds like you may not need to do 3.

Cheers - Bob

Perfect Bob. Thank you.

Do you think it is worth me setting the UTM1 HA Operation mode to "Off" at the moment. a) to stop it looking for UTM2 and generating notifications, and b) Just to remove the DEAD Slave UTM from the HA Status (UTM2)? I would put it back to Hot Standby as per your instructions when we are ready to bring in UTM2 following its factory reset.

Yes, Colin - good insight!

Cheers - Bob

Hi Bob,

I like your last step. "6. Power up the new device and wait for the good news"

After the devices has joined the HA configuration as a Slave is ther any work that then needs to be done?

Following the Factory Reset does the device lose its name? Does a license have to be added for the Slave device? Anything else?

If so are there any instruction on how to do this?

Thanks

The steps I gave above are all that's needed, Colin.  When you cause the Factory Reset and then reconnect the Slave after re-enabling High Availability on the Master, the Master gives everything to the Slave including a name and a copy of the license.  It's really all that simple!

Cheers - Bob

Hi Bob. Just an update that we successfully moved the datacentres at the weekend. I followed the steps and factory reset UTM2 while UTM1 was running as MASTER. For some reason it had trouble getting UTM2 to join the HA when it was powered up. In the end we logged onto UTM2 and manually set the HA. UTM1 then found it and sync'd over to it. Now all running back as an HA Active \ Passive pair. Happy days!

Thanks for all your help and advice.

Regards,

Colin

Hi Bob. Just an update that we successfully moved the datacentres at the weekend. I followed the steps and factory reset UTM2 while UTM1 was running as MASTER. For some reason it had trouble getting UTM2 to join the HA when it was powered up. In the end we logged onto UTM2 and manually set the HA. UTM1 then found it and sync'd over to it. Now all running back as an HA Active \ Passive pair. Happy days!

Thanks for all your help and advice.

Regards,

Colin