Cisco NAC3350-PROF-K9 Hardware Installation Guide - Page 124



Chapter 4 Configuring High Availability (HA)
Installing a Clean Access Manager High Availability Pair

CAM High Availability Overview

Caution: CAM-CAS communication and HA-CAM and/or HA-CAS peer communication can break down and adversely affect network functionality when SSL certificates expire. Refer to the caveat CSCtb43264 in Release Notes for Cisco NAC Appliance, Version 4.8. For more information, see the "HA Active-Active Situation Due to Expired SSL Certificates" section of the Cisco NAC Appliance - Clean Access Manager Configuration Guide, Release 4.8(3).

The following key points provide a high-level summary of HA-CAM operation:

• The Clean Access Manager high-availability mode is an Active/Passive two-server configuration in which a standby CAM machine acts as a backup to an active CAM machine.

• The active Clean Access Manager performs all tasks for the system. The standby CAM monitors the active CAM and keeps its database synchronized with the active CAM's database.

Note: CAM Authorization settings are not automatically passed from one CAM to the other in an HA-pair. If you use the Authorization feature in a CAM HA-pair, follow the guidelines in the "Backing Up and Restoring CAM/CAS Authorization Settings" section of the Cisco NAC Appliance - Clean Access Manager Configuration Guide, Release 4.8(3) to ensure you are able to exactly duplicate your Authorization settings from one CAM to its high availability counterpart.

• Clean Access Managers and Clean Access Servers use a local master secret password to encrypt and protect important data, like other system passwords. The master secret password needs to be the same for a CAM-HA pair. Similarly, the CAS-HA pair should maintain the same master secret password. Cisco recommends keeping very accurate records of assigned master secret passwords to ensure that you are able to fail over to the HA peer CAM/CAS in HA deployments. (HA-Secondary CAMs/CASs are not able to assume the "active" role following a failover event when the master secret passwords are different.)

• Both CAMs share a virtual Service IP for the eth0 trusted interface. The Service IP must be used for the SSL certificate.

• The Service IP address is used for all messages and requests sent to the CAM, including communication from the CAS and the administration web console.

• The CAM uses its individual (eth0) IP address for all communications sent to the CAS and proxy authentication messages.

• The primary and secondary CAM machines exchange UDP heartbeat packets every 2 seconds. If the heartbeat timer expires, stateful failover occurs.

• HA CAMs/CASs automatically establish an IPSec tunnel to ensure all communications between the HA Pair appliances remain secure across the network.

• In order to ensure an active CAM is always available, its interface (eth0) must be up. To avoid a situation where a CAM is active but is not accessible via its interface (that is, the standby CAM receives heartbeat packets from the active CAM, but the active CAM's eth0 interface fails), the link-detect mechanism allows the standby CAM to be aware of when the active CAM's eth0 interface becomes unavailable.

• Both the Clean Access Manager and Clean Access Server are designed to automatically reboot in the event of a hard-drive failure, thus automatically initiating failover to the standby CAM/CAS.

Cisco NAC Appliance Hardware Installation Guide 4-4 OL-20326-01
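The two failover triggers described above, the heartbeat timer and link-detect, as an added illustrative model that is not Cisco's code. It assumes a 6-second heartbeat timeout (the guide gives only the 2-second send interval, not the timeout) and models link-detect as a flag the standby receives about the active CAM's eth0 state; the second scenario shows why heartbeats alone would miss an active CAM whose eth0 has failed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

HEARTBEAT_INTERVAL = 2.0   # seconds; the guide states heartbeats are sent every 2 seconds
HEARTBEAT_TIMEOUT = 6.0    # assumed value, not from the guide: three missed heartbeats


@dataclass
class StandbyCam:
    """Standby CAM's view of its active peer; event times are in seconds."""
    last_heartbeat: float = 0.0
    role: str = "standby"
    failover_reason: Optional[str] = None
    failover_time: Optional[float] = None

    def _fail_over(self, t: float, reason: str) -> None:
        if self.role == "standby":   # first trigger wins; later events are ignored
            self.role, self.failover_reason, self.failover_time = "active", reason, t

    def on_heartbeat(self, t: float) -> None:
        self.last_heartbeat = t

    def on_link_detect(self, t: float, active_eth0_up: bool) -> None:
        # Heartbeats can still arrive while the active CAM's eth0 is down,
        # so link-detect is an independent trigger, not a heartbeat substitute.
        if not active_eth0_up:
            self._fail_over(t, "link-detect: active CAM eth0 down")

    def on_tick(self, t: float) -> None:
        if t - self.last_heartbeat > HEARTBEAT_TIMEOUT:
            self._fail_over(t, "heartbeat timer expired")


def run_scenario(events: List[Tuple[float, str, object]]) -> Tuple[str, Optional[str], Optional[float]]:
    """Replay (time, kind, value) events in time order; kind is 'hb', 'link' or 'tick'."""
    cam = StandbyCam()
    for t, kind, value in sorted(events, key=lambda e: e[0]):
        if kind == "hb":
            cam.on_heartbeat(t)
        elif kind == "link":
            cam.on_link_detect(t, bool(value))
        elif kind == "tick":
            cam.on_tick(t)
    return cam.role, cam.failover_reason, cam.failover_time


def silent_peer_scenario():
    """Constructed: heartbeats every 2 s until t=10, then the active CAM goes silent."""
    events = [(float(t), "hb", None) for t in range(0, 11, 2)]
    events += [(float(t), "tick", None) for t in range(0, 21)]
    return run_scenario(events)


def eth0_down_scenario():
    """Constructed: heartbeats keep arriving, but link-detect reports eth0 down at t=5."""
    events = [(float(t), "hb", None) for t in range(0, 21, 2)]
    events += [(float(t), "tick", None) for t in range(0, 21)]
    events.append((5.0, "link", False))
    return run_scenario(events)
```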
