Device templates allow you to combine several UserGate devices into a configuration cluster with unified settings on all cluster nodes and to create one or more high availability (HA) clusters from configuration cluster nodes.
For more details on the clustering modes used in UserGate, see the Clustering and High Availability section of UserGate 6 Administrator Guide.
Configuration cluster
The process of creating a UGMC-managed configuration cluster is virtually identical to creating a standalone cluster. The only difference is that the first cluster node must be placed under UGMC management before the configuration cluster is created. Each configuration cluster node connected to UGMC is assigned a node identifier, which is a unique identifier that looks like node_1, node_2, node_3, etc.
To create a configuration cluster, follow these steps:
|
Name |
Description |
|---|---|
|
Step 1. Perform initial configuration on the first cluster node |
See the Initial Configuration chapter of UserGate 6 Administrator Guide. |
|
Step 2. On the first cluster node, configure the zone containing the network interfaces through which cluster replication will be carried out. |
В разделе Зоны создать выделенную зону для репликации настроек кластера или использовать существующую (Cluster). Allow the following services in the zone's settings:
Do not use zones whose interfaces are connected to untrusted networks (e.g., the Internet) for replication. |
|
Step 3. Specify the IP address that will be used to communicate with other cluster nodes |
In the Device management section, go to the Configuration Cluster pane, select the current cluster node, and click Edit. Specify the IP address of an interface located in the zone you configured at Step 2. |
|
Step 4. Generate a Secret code on the first cluster node |
In the Device management section, click Generate secret code. Copy the resulting code to the clipboard. This master node secret is required for one-time authorization of a second node before adding it to the cluster. |
|
Step 5. Connect the first configuration cluster node to UGMC |
The first node is connected in exactly the same way as a standalone UserGate device. The connection procedure is described in detail in the Placing UserGate Devices under UGMC Management section. The first node is automatically assigned an ID of node_1. |
|
Step 6. Connect a second node to the cluster |
Important! A second and subsequent nodes can only be added to the configuration cluster during their initialization. Connect to the web console of the second cluster node and select the installation language. Specify the network interface that will be used to connect to the first cluster node and assign it an IP address. Оба узла кластера должны находиться в одной подсети, например, интерфейсам eth2 обоих узлов назначены IP-адреса 192.168.100.5/24 и 192.168.100.6/24. Otherwise, you need to specify the IP address of the gateway through which the first cluster node will be accessible. Указать IP-адрес первого узла, настроенный на шаге 3, вставить секретный код и нажать на кнопку Подключить. If the cluster IP addresses configured at Step 2 are assigned correctly, the system will invite you to assign a cluster ID to the device being added as node_2, node_3, node_4, etc. The node_1 ID has been already issued to the first cluster node. After assigning the ID, the second cluster node will be added to the cluster, and all settings of the first node will be replicated on the second one. When successfully added to the cluster, the node will be displayed with its selected ID as the second node in the managed device list. |
The settings for the added node (including interface, zone, and filtering policy settings) can be configured locally or via UGMC template policies. If they had already been configured in UGMC templates by the time the second node was connected, they will be applied to the new node immediately after adding it to the cluster.
A third and subsequent nodes are added to the configuration cluster in a similar fashion.
High Availability (HA) Cluster
Up to 4 configuration cluster nodes can be combined into a HA cluster that supports the Active-Active or Active-Passive operation modes. You can build several HA clusters. To create a HA cluster using UGMC, the following conditions must be met:
|
Name |
Description |
|---|---|
|
Configuration cluster present |
A configuration cluster must already be created and display correctly in the managed device list. |
|
UGMC-managed interfaces present |
On UserGate devices, interfaces created and managed from UGMC must be present. Virtual IP addresses can only be assigned to interfaces that were created in UGMC templates. |
|
HA cluster requirements met |
All requirements applicable to the nodes of an HA cluster being created without using UGMC must be met. For more details on HA clusters, see the Clustering and High Availability section of UserGate 6 Administrator Guide. |
To create an HA cluster, follow these steps:
|
Name |
Description |
|---|---|
|
Step 1. Configure zones whose interfaces will participate in the HA cluster |
In a UGMC template where zones are configured for managed devices, allow the VRRP service in the Zones section for all zones where you plan to add a virtual cluster IP address. |
|
Step 2. Create a HA cluster |
In one of the UGMC templates, go to the Device management ➜ HA cluster section, click Add, and configure the settings for the new HA cluster. |
|
Step 3. Specify a virtual IP address for the auth.captive, logout.captive, block.captive, and ftpclient.captive hosts. |
If captive-portal authorization is to be used, the system host names auth.captive and logout.captive used by the authorization procedures in the captive portal must resolve to the IP address assigned as the virtual cluster address. These settings can be configured in the General settings section of a UGMC template. They are described in more detail in the Device Setup section of UserGate 6 Administrator Guide. |
The settings for a HA cluster are listed below:
|
Name |
Description |
|---|---|
|
Enabled |
Enable or disable the HA cluster. |
|
Name |
The name of the HA cluster. |
|
Description |
A description of the HA cluster. |
|
Mode |
The HA cluster operating mode:
|
|
Sessions sync |
Enables user session synchronization mode between all nodes in the HA cluster. When enabled, this option makes switching users between devices transparent to the users themselves but adds significant load on the UserGate platform. The option is only relevant for the Active-Passive cluster mode. |
|
HA cluster multicast ID |
Multiple HA clusters can be created in a single configuration cluster. Session synchronization uses a specific multicast address defined by this parameter. A unique ID must be assigned to each group of HA clusters that requires session synchronization support within the group. |
|
Virtual router ID (VRID) |
The VRID must be unique to each VRRP cluster in the local network. If there are no 3rd party VRRP clusters in the network, it is recommended to keep the default setting. |
|
Nodes |
Select the configuration cluster nodes to combine into an HA cluster. The cluster nodes are represented by the IDs assigned to the nodes of the configuration cluster when it was created. |
|
Virtual IPs |
Assign virtual IP addresses and map them to the interfaces of the cluster nodes. Only interfaces created in a UGMC template can be used here. |