• State Not Answered
  • Replies 3 replies
  • Subscribers 30 subscribers
  • Views 2856 views
  • Users 0 members are here
Options
Related

Safeguard for Privileged Sessions (SPS) in multi-data centre cluster (geo-cluster) configuration seems unstable

gilesm
over 4 years ago

Hi,

Has anyone successfully used SPS servers (what were the Balabit Session Control Boxes) configured in a cluster between different data centres?

We are having issues with the stability of the cluster connections (which use IPsec tunnels) using SPS v6.0 as they seem to lose connection to the Central Management Node and then randomly reconnect.

The cluster connections within the DCs seem to be OK.

Just wondering if anyone else has used this configuration or does everyone keep the clusters within the Data Centre?

Thanks

Giles

  • 0 over 4 years ago

    It should be possible to configure a cluster that spans datacenters in multiple locations, however, there is much to consider and you need to have the necessary architecture in place. 

    You need to ensure that there is sufficient bandwidth between the locations to support the amount of traffic that is being sent between the cluster members.

    If you are having intermittent communication issues, then it would recommend doing some network troubleshooting, such as  a packet capture or other network analysis to determine the root cause. 

  • 0 over 4 years ago

    Hi Giles,

    we deployed a three nodes cluster (not HA) between 3 datacenters. Two of them in Rome in campus distance (hundreds of meters) and lot of bandwidth via fiber, the third in Milan (hundrends of kilometers) and with only 100Mb bandwidth.

    Everything is working fine. It is also joined with a SPP 3 nodes cluster with same locations

    Stefano

  • 0 over 3 years ago in reply to stufoni

    Hi Stufoni,

    Good day! So from your response, could you share a little on how affinity is being configured? Example, lets say if there are admins in Milan trying to connect to servers in Milan, how do we get their connection proxied thru the SPS in Milan instead of being routed by any of the 2 SPS in your Rome campus? Thanks! 

    Also, are the below assumption correct based on your deployment?

    - All 3 SPS nodes configured as a SPS cluster

    - 1 SPS cluster central management role joined to SPP while others configured as search minion