Safeguard for Privileged Sessions (SPS) in multi-data centre cluster (geo-cluster) configuration seems unstable

Hi,

Has anyone successfully used SPS servers (what were the Balabit Session Control Boxes) configured in a cluster between different data centres?

We are having issues with the stability of the cluster connections (which use IPsec tunnels) using SPS v6.0 as they seem to lose connection to the Central Management Node and then randomly reconnect.

The cluster connections within the DCs seem to be OK.

Just wondering if anyone else has used this configuration or does everyone keep the clusters within the Data Centre?

Thanks

Giles

  • It should be possible to configure a cluster that spans datacenters in multiple locations, however, there is much to consider and you need to have the necessary architecture in place. 

    You need to ensure that there is sufficient bandwidth between the locations to support the amount of traffic that is being sent between the cluster members.

    If you are having intermittent communication issues, then it would recommend doing some network troubleshooting, such as  a packet capture or other network analysis to determine the root cause. 

  • Hi Giles,

    we deployed a three nodes cluster (not HA) between 3 datacenters. Two of them in Rome in campus distance (hundreds of meters) and lot of bandwidth via fiber, the third in Milan (hundrends of kilometers) and with only 100Mb bandwidth.

    Everything is working fine. It is also joined with a SPP 3 nodes cluster with same locations

    Stefano