12.07.2015 Views

Symantec™ Security Gateways Reference Guide - Sawmill


Ensuring availability

Multi-machine concerns

Adding additional machines may address some single-machine issues. Multiple machines offer several access points for both internal and remote hosts. Multiple machines can also be assigned different tasks to break up the jobs that need to be performed.

However, using multiple machines presents its own unique set of issues. Setting up several machines is more complex than setting up one. Instead of integrating one machine into the existing network infrastructure, multiple machines need to be added. Internal and external interfaces on each machine must be configured properly, and the networks that each machine is connected to must also be configured.

Each security gateway commonly has one of the IP addresses from your public company network (provided by your Internet service provider), and one from your private network. All machines that access your network usually point to the security gateway as a next-hop router; internal hosts point to the security gateway to gain Internet access, and remote users use the security gateway as a tunnel endpoint to connect to the protected network. To distribute the load, you may elect to point some hosts to the first gateway, some to the second, and so forth. However, if one of those security gateways fails, you have to quickly reconfigure all of the hosts that pointed at the failed system to point at a different security gateway.

Although adding additional resources begins to address the problems of a single-machine setup, it is really a trade-off. You have alleviated some problems, but created new ones.

Symantec’s clustered approach

Symantec uses a cluster to resolve the high availability and load balancing issues faced by single and multi-machine environments. A cluster is a group of machines, called nodes, that ensure continued connectivity (high availability) and leverage their processing power (load balancing), even if one or more nodes fail.

Symantec offers a complete, integrated solution that alleviates both single-machine and multi-machine concerns. In a cluster, multiple machines are grouped together and instructed to work as a single entity. All nodes in the cluster share the state information of all other nodes, and any node can immediately assume and support a connection for a failed node. Additionally, you can distribute work evenly among all node members, letting the cluster handle significantly more load than a single machine can.

Cluster components

The Symantec clustering solution uses the following components:

■ Synchawk daemon
■ Bullfrog daemon
■ Virtual IP addresses (VIPs)
■ Incident node
■ Authoritative node
■ Dedicated heartbeat network

Synchawk daemon

Synchawk is the daemon responsible for negotiating and coordinating cluster configuration information between nodes. Until a node has joined a cluster, synchawk lies dormant. Once the node has joined the cluster, synchawk broadcasts information about its revision number, cluster name, and unique cluster ID to other nodes in the cluster.
