zGateway Cluster Installation
A full zGateway cluster installation requires a 2 node deployment. The installation process steps are as follows:
1. Install primary zGateway Cluster Manager
2. Perform standard pre-boot and bootstrap process of zGateway
3. Start NTP services from zGateway management page
4. Add the same node as zGateway node to the cluster
5. Install zGateway on second host and add it to the Cluster as secondary Cluster Manager
6. Add standby node machine also as zGateway node
CONFIGURING PRIMARY ZGATEWAY CLUSTER MANAGER
After the first security officer user is registered and certificate is installed on administers machine, login as security officer using the zGateway client and open the management console.
Follow these steps on zGateway management console to configure the Primary zGateway Node
1. Create a new HTTP type application with name “ClusterManagement” with Application Server as the virtual IP address and port as 3636. Provide the URL as
Note: replace zgateway_virtual_IP_address with the virtual IP address of the cluster
provided during installation
Note: This application can be marked hidden in case admin do not want to publish this on
2. Create an application group with name “ClusterAdminApps” with high security user and add
the application to this application group
3. Create an Access control using Native as the authentication server for High Security Users for the SYSTEM group and assign the newly created high security application group
4. Logout from zGateway client and login again and open zGateway management console
5. Go to Host Configuration -> Global Settings page and start NTP server.
6. Go to High Availability -> Configuration page and start configuring HA.
|Setting||Description||Default Value||Value Specification|
|Virtual IP Address||The cluster specified during the installation of the first node||Provided by the admin||Valid IP Address|
|Network Mask||Network Mast of the Virtual IP||Selected from the drop down menu||Valid Netmask|
|Primary Load Balancer Server IP||The physical IP address of the primary Cluster manager||The IP address of this host||Valid IP|
|Backup Load Balancer Server IP||The physical IP address of the secondary Cluster Manager||The value is bland. It must be entered once the secondary cluster manager is added to the cluster||Valid IP or blank entry|
|Load Balanced Port Number||List of ports which will be load balanced by the service||80 and 443||Comma separated list of ports|
|Device Name||The network interface name of the interface on which virtual IP addresses will be assigned||First interface of the host||Select from drop down menu|
7. Add the same host as the VPN Servers by clicking on Add button under VPN Servers section Specify the Server Name for display, IP Address of this host as Server IP Address. Server Weight is used for weight based load balancing when two or more VPN servers (zGateways) will have different hardware sizing. The node with higher weight will receive more connections.
8. If a secondary zGateway Cluster Manager is to be added to the cluster, the physical IP address of the secondary Cluster Manager host must be updated.
9. The secondary zGateway host (if going to be added immediately) must be added as VPN Server list also.
10. The final configuration shall look like this:
11. Click on “ADVANCED HA CONFIGURATION” and make sure following options are checked
a. Enable check box for “Monitor NIC links for failures”
b. Change the Persistence (Seconds) to 5 seconds/User preference
c. Click on save button to close advanced configuration screen.
12. Click on “Save” to save the configuration
13. Click on “Reload Service” to apply the Cluster modified configuration to cluster
14. Clicking on “Advanced HA Configuration” will show advanced cluster configurations. Follow the section at the end of this document for details on the advanced configuration.
15. The Cluster configuration is completed.
16. Perform other tasks like installing license and or publishing applications, ACLs, etc
17. Move the gateway to “run state” if the secondary zGateway node is not to be configured as the immediate next step.
INSTALLING DEDICATED ZGATEWAY NODE
In case a 3rd or more node need to be added to the cluster, these nodes can only run zGateway node.
Prerequisites: zGateway latest ISO, Virtual or physical hosts with minimum 4 GB of RAM and dual core of CPU
1. Install zGateway using the zGateway ISO on a virtual machine or a physical host. Refer to the zGateway install guide on preparing the virtual machine or physical host and zGateway installation steps
2. After the “System Configuration” step in preboot stage, select the installation type as “Join as zGateway server” under “Clustered zGateway Installation” section
3. Selecting the option “Join as a zGateway Server” will install just the zGateway components on the host and will initiate a configuration synchronization with the active load balancer using the IP address specified as Virtual IP address of the load balancer. After the initial configuration sync is finished, the zGateway will start functioning without requiring any additional configuration. Similarly more no. of zGateway Nodes can be added to an existing cluster.
4. Synchronization of this node will start which may take few minutes and will finish with a success message.
5. Go to Host Configuration -> Global Settings page and start NTP server
zGateway cluster uses a single license applied on the Primary zGateway Cluster Manager node. The Primary Cluster Manager node, shares the same license copy with all other nodes in the cluster. When Primary Cluster Manager node is not available, the Secondary Cluster Manager provides the license information to the other nodes in the cluster.