Security

 View Only
last person joined: 4 days ago 

Ask questions and share experiences with Juniper Connected Security. Discuss Advanced Threat Protection, SecIntel, Secure Analytics, Secure Connect, Security Director, and all things related to Juniper security technologies.
  • 1.  Backup Security Director installation?

    Posted 04-22-2019 10:21
    Hi,

    Can I install another Security Director server (ESXi) at one of my other data centres and configure it to act as the backup server? I do this at the moment with Checkpoint - the primary and secondary servers have a heart beat link ... if primary goes down then the secondary realises and makes itself the primary to push out firewall policies to the gateways.

    Thanks
    #director
    #security


  • 2.  RE: Backup Security Director installation?

     
    Posted 04-22-2019 11:08
    Hi,

    You can deploy second server as a secondary fabric node, while the ova deployment it will ask if it will be a part of cluster or not, you can say yes there and then add it as a fabric.


    For more details please check: https://www.juniper.net/documentation/en_US/junos-space17.1/platform/topics/concept/junos-space-getting-started-fabric-deploying-overview.html


    Regards,
    PL


  • 3.  RE: Backup Security Director installation?

    Posted 04-22-2019 11:18

    Also, in case your network is not allowing multicast communication, try this: 

     

    https://www.juniper.net/documentation/en_US/junos-space17.2/platform/topics/task/operational/junos-space-unicast-cluster-creating.html

     

     



  • 4.  RE: Backup Security Director installation?

    Posted 04-22-2019 11:22
    Thanks,

    But really I need a second installation as a failover server for security director.

    The above guide needs both servers to be in the same subnet which won’t work for my scenario.

    I will have these servers in completely different locations on different subnets. They can communicate but will not be in the same subnet.

    Can I just setup a second security director installation and tell this one it is the failover?


  • 5.  RE: Backup Security Director installation?

    Posted 04-22-2019 11:51
      |   view attached

    We use Junos Space disaster recovery with our ESX setup

     

    One site is primary one is secondary files are copied down to the secondary site every day and the seconday junos space server only takes over if their is a total failure at the primary location

     

    You have to match memeory cpu's and hard drive space on the ESX host in both the primary and secondary sites

    Attachment(s)



  • 6.  RE: Backup Security Director installation?

    Posted 04-22-2019 11:55
    That’s interesting - do you need special license for that product to work? Does it cost money etc?

    Thanks


  • 7.  RE: Backup Security Director installation?

    Posted 04-22-2019 13:35

    There is an official disaster recovery solution for Junos Space with a standby enviroment with database syncronization. The description can be found here:

    https://www.juniper.net/documentation/en_US/junos-space18.1/platform/topics/concept/disaster-recovery-overview.html

     

    In general you would only need licenses for Junos Space and Security Director on the primary/active installation. Doing the manual disaster recovery will import the licenses from the backup.

     

    Right now I cannot find information on the full disaster recovery solution will require licenses on both sites. I will try to find out an update this thread if other people have not been able to answer before me.



  • 8.  RE: Backup Security Director installation?
    Best Answer

    Posted 04-30-2019 04:31

    Just got information back from internal ressources:

     

    If you deploy a set of DR Space instances, these will need to be licensed as well as your primary site.

    So a fabric of two space nodes on each site will require 4 x JS-PLATFORM licenses as well as application licenses on top (eg. JS-SECDIR-X).



  • 9.  RE: Backup Security Director installation?

     
    Posted 04-22-2019 19:22

    Ideally, you would need JS-Platform license for each node in a Space Cluster or Fabric deployment.