Server Maintenance and Backup Procedures:

Source Server Failure Scenarios
In the event that the source Web Filter unit should fail, the target servers will continue to run using the last known configuration loaded from the source server. However, all dynamic authentication-based profiles will eventually time-out, since the source Web Filter can no longer verify user credentials. When this occurs, the information on the server can no longer be trusted. In most cases, the failure of the source server can be quickly repaired, though it is possible the source server will be down for an extended period of time due to detailed troubleshooting that needs to be performed, or that the source server will need to be replaced due to hardware failure.

In cases in which the source Web Filter is out of commission for an extended period of time, this server should be replaced as soon as possible so that individual user authentication can be executed, and the ability to control the filtering cluster is continually enabled. In cases in which the Web Filter will not be immediately replaced, one of the target Web Filter should be designated as the new source server.

Top

Establish Backup Procedures

To prevent down time during a source server failure, Trustwave recommends establishing backup and restore procedures. It is important that regular backups of the source Web Filter are saved using the Backup/Restore window in the System section of the Web Filter Administrator console. Once a backup is created, it can be downloaded to another machine for safekeeping. A backup should be created and downloaded whenever a change is made to filtering settings on the source Web Filter.

Set up a Target Server as a Source Server
In the event of a source server failure, the global administrator should designate a target server as the new source server.

1. Log in to the Administrator console of the target server designated as the new source server.
2. In the System section of the Administrator console, go to the Backup/Restore window and create a backup of the current running configuration on that server.
3. Download the server’s configuration to a safe storage place until it is needed.
4. In the LAN Settings window (accessible via System > Network), set up IP addresses to be the same as on the source server that is being replaced.
5. Go to the Reboot window (accessible via System > Control) and reboot the server.
6. Once the Web Filter is rebooted, reconnect to the Administrator console and access the Backup/Restore window.
7. Upload the last good configuration from the failed source server to the new source server. When the configuration file is uploaded and available in the Web Filter Administrator console, that file should be used for restoring configuration settings.
8. After the restoration of configuration settings is applied and a quick reload takes place, this Web Filter will now function as the source server in the Web Filter cluster.

Set up a Replacement Target Server
Once the original source server is replaced or repaired, it can then be configured to replace the empty spot created by the movement of the target server to the position of source server. Configure this Web Filter so that the IP addresses are that of the target server which became the source server. Upload the running target configuration, which was downloaded prior to converting the target server to a source server. Use this configuration to create a duplicate of the target server that was moved. Once this step is complete, the cluster is whole again and should operate normally.

Top

Set up a New Source Server from Scratch
In the event that you do not have a reliable backup file that can be used for establishing a new source server, you must recreate the settings on the new source server.

Set up a Target Server as a Source Server
1. Log in to the Administrator console of the target server designated as the new source server.
2. In the System section of the Administrator console, access the Reset window and click Reset to remove all settings on the server.
3. Enter all settings from the failed source server on this “new” server. In the Setup window (accessible via System > Synchronization), specify that this is a source server.
4. Apply all patches that were applied on the failed source server.
5. In the Policy section of the Administrator console, enter all groups and filtering profiles.
6. Make all necessary settings in all sections and windows of the Administrator console.

Related Topics:

Back | Top



© Trustwave. All rights reserved.