13.4.1. Configuration cluster

The process of creating a UGMC-managed configuration cluster is virtually identical to creating a standalone cluster. The only difference is that the first cluster node must be placed under UGMC management before the configuration cluster is created. Each configuration cluster node connected to UGMC is assigned a unique node identifier of the form node_1, node_2, node_3, etc.

To create a configuration cluster, follow these steps:

Task

Description

Step 1. Perform initial configuration on the first cluster node.

See the chapter Initial Configuration of UserGate 7. Administrator Guide.

Step 2. On the first cluster node, configure the zone containing the network interfaces through which cluster replication will be carried out.

In the Zones section, create a new dedicated zone for cluster settings replication or use an existing one (Cluster). Allow the following services in the zone's settings:

  • Administrative console.

  • Cluster.

Do not use zones whose interfaces are connected to untrusted networks (e.g., the Internet) for replication.

Step 3. Specify the IP address that will be used to communicate with other cluster nodes.

In the Device management section, go to the Configuration cluster pane, select the current cluster node, and click Edit. Specify the IP address of an interface located in the zone you configured at Step 2.

Step 4. Generate a Master node secret on the first cluster node.

In the Device management section, press the Generate secret code button. Copy the resulting code to the clipboard. This master node secret is required for one-time authorization of a second node before adding it to the cluster.

Step 5. Connect the first configuration cluster node to UGMC.

The first node is connected in exactly the same way as a standalone UserGate device. The connection procedure is described in detail in the section Placing UserGate Devices under UGMC Management.

The first node is automatically assigned an ID of node_1.

Step 6. Connect a second node to the cluster.

Important! The second and subsequent nodes can only be added to the configuration cluster during their initialization.

Connect to the web console of the second cluster node and select the installation language.

Specify the network interface that will be used to connect to the first cluster node and assign it an IP address. Both cluster nodes must reside in the same subnet; for example, the eth2 interfaces of the two nodes may be assigned the IP addresses 192.168.100.5/24 and 192.168.100.6/24, respectively. Otherwise, you need to specify the IP address of the gateway through which the first cluster node will be accessible.

Specify the IP address of the first node configured at Step 3, enter the master node secret, and press the Connect button. If the cluster IP addresses configured at Step 2 are assigned correctly, the system will prompt you to assign a cluster ID to the device being added: node_2, node_3, node_4, etc. The node_1 ID has already been issued to the first cluster node. After the ID is assigned, the second cluster node will be added to the cluster, and all settings of the first node will be replicated to the second one.

When successfully added to the cluster, the node will be displayed with its selected ID as the second node in the managed device list.

The settings for the added node (including interface, zone, and filtering policy settings) can be configured locally or via UGMC template policies. If they had already been configured in UGMC templates by the time the second node was connected, they will be applied to the new node immediately after adding it to the cluster.

The third and subsequent nodes are added to the configuration cluster in a similar fashion.
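
An added example, not part of the UserGate documentation: a Python pre-flight check of a planned node list against the rules stated in this procedure (node_1 is reserved for the first node, IDs are unique and of the form node_N, and every additional node is either in the first node's subnet or has a gateway). The function name, the dictionary layout, and the sample addresses are assumptions made for this example.

```python
import ipaddress
import re

NODE_ID = re.compile(r"^node_[1-9]\d*$")  # node_1, node_2, ... as named in this section


def check_cluster_plan(nodes):
    """Return a list of problems in a planned configuration cluster.

    nodes: list of dicts with 'id', 'addr' (replication interface address in
    CIDR form) and an optional 'gateway'. nodes[0] is the first cluster node.
    This layout is hypothetical; it is not a UserGate or UGMC format.
    """
    if not nodes:
        return ["plan is empty"]
    problems = []
    first_if = ipaddress.ip_interface(nodes[0]["addr"])
    if nodes[0]["id"] != "node_1":
        problems.append("first node must be node_1")
    seen_ids, seen_ips = set(), set()
    for index, node in enumerate(nodes):
        node_id = node["id"]
        iface = ipaddress.ip_interface(node["addr"])
        if not NODE_ID.match(node_id):
            problems.append(f"{node_id}: ID is not of the form node_N")
        if node_id in seen_ids:
            problems.append(f"{node_id}: duplicate node ID")
        if iface.ip in seen_ips:
            problems.append(f"{node_id}: duplicate IP address {iface.ip}")
        seen_ids.add(node_id)
        seen_ips.add(iface.ip)
        if index == 0 or iface.network == first_if.network:
            continue  # first node, or same subnet as the first node
        # Different subnet: a gateway towards the first node is required.
        gateway = node.get("gateway")
        if gateway is None:
            problems.append(f"{node_id}: not in {first_if.network} and no gateway set")
        elif ipaddress.ip_address(gateway) not in iface.network:
            problems.append(f"{node_id}: gateway {gateway} is outside {iface.network}")
    return problems


if __name__ == "__main__":
    # Constructed sample plan using the addresses from Step 6.
    plan = [
        {"id": "node_1", "addr": "192.168.100.5/24"},
        {"id": "node_2", "addr": "192.168.100.6/24"},
    ]
    print(check_cluster_plan(plan) or "plan is consistent")
```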