Technical Field Enablement. Symantec Messaging Gateway 10.0 HIGH AVAILABILITY WHITEPAPER. George Maculley. Date published: 5 May 2013

Similar documents
Plug-in for VMware vcenter

WHITE PAPER: BEST PRACTICES. Sizing and Scalability Recommendations for Symantec Endpoint Protection. Symantec Enterprise Security Solutions Group

Foundation for Cloud Computing with VMware vsphere 4

EMC CLARiiON CX3-40. Reference Architecture. Enterprise Solutions for Microsoft Exchange Enabled by MirrorView/S

TrustNet Manager Group Encryption Management for Policies, Keys and Devices

Symantec Protection Center Getting Started Guide. Version 2.0

Evaluation Program for Symantec Mail Security Appliances

DELL EMC READY BUNDLE FOR VIRTUALIZATION WITH VMWARE AND FIBRE CHANNEL INFRASTRUCTURE

Data Sheet: High Availability Veritas Cluster Server from Symantec Reduce Application Downtime

Setting Up Cisco Prime LMS for High Availability, Live Migration, and Storage VMotion Using VMware

VMware vsphere Administration Training. Course Content

Adobe Acrobat Connect Pro 7.5 and VMware ESX Server

Reference Architecture for Dell VIS Self-Service Creator and VMware vsphere 4

Microsoft SQL Server in a VMware Environment on Dell PowerEdge R810 Servers and Dell EqualLogic Storage

Symantec Network Access Control Starter Edition

NetBackup for vcloud Director

A Dell Technical White Paper Dell Virtualization Solutions Engineering

RecoverPoint for Virtual Machines

vsphere Availability Update 1 VMware vsphere 6.5 VMware ESXi 6.5 vcenter Server 6.5 EN

Vmware VCP550PSE. VMware Certified Professional on vsphere 5.

Remote Expert Installation Service for Symantec Mail Security 8300

Symantec Network Access Control Starter Edition

Veritas Cluster Server from Symantec

VMware HA: Overview & Technical Best Practices

New Features in VMware vsphere (ESX 4)

Implementing SharePoint Server 2010 on Dell vstart Solution

Avid inews Server Enterprise Virtualization Reference. Release 1.0

DELL EMC READY BUNDLE FOR VIRTUALIZATION WITH VMWARE AND ISCSI INFRASTRUCTURE

VMware ESX ESXi and vsphere. Installation Guide

Deploying VMware High Availability & Fault Tolerance cluster on EonNAS (NFS)

VMware vsphere 5.5 Advanced Administration

vsphere Availability Update 1 ESXi 5.0 vcenter Server 5.0 EN

Acano solution. Virtualized Deployment R1.1 Installation Guide. Acano. May D

TN1070: Verint Master Server Under

vsphere Availability 17 APR 2018 VMware vsphere 6.7 VMware ESXi 6.7 vcenter Server 6.7

VMware - VMware vsphere: Install, Configure, Manage [V6.7]

vsphere Availability Guide

Basic Configuration Installation Guide

Acano solution. Virtualized Deployment R1.7 Installation Guide. March G

Data Sheet: Endpoint Security Symantec Network Access Control Starter Edition Simplified endpoint enforcement

vsphere 5/6: Install, Configure, Manage Review Questions

Reference Architecture

Symantec NetBackup Appliance Fibre Channel Guide

EMC Business Continuity for Microsoft Applications

VMware vsphere with ESX 4 and vcenter

VMware vfabric Data Director Installation Guide

vstart 50 VMware vsphere Solution Overview

VMware vstorage APIs FOR ARRAY INTEGRATION WITH EMC VNX SERIES FOR SAN

Actual4Test. Actual4test - actual test exam dumps-pass for IT exams

SymantecTM Desktop and Laptop Option. Symantec DLO s Storage in Cloud (Amazon Web Services)

GV STRATUS Virtualized Systems. Alex Lakey November 2016

Using EonStor DS Series iscsi-host storage systems with VMware vsphere 5.x

Exam Name: VMware Certified Professional on vsphere 5 (Private Beta)

SOLUTION MANAGEMENT GROUP

IM B09 Best Practices for Backup and Recovery of VMware - DRAFT v1

VMware vfabric Data Director Installation Guide

VMware vsphere 4. The Best Platform for Building Cloud Infrastructures

Dell Technologies IoT Solution Surveillance with Genetec Security Center

Exam : VMWare VCP-310

Administering VMware vsphere and vcenter 5

VMware vsphere Storage Appliance Installation and Configuration

SymantecTM Desktop and Laptop Option. Symantec DLO s Storage in Cloud (Amazon Web Services)

DumpExam. The best exam dump, valid dumps PDF, accurate exam materials provider

Basic Configuration Installation Guide

Dell EMC. VxBlock Systems for VMware NSX 6.3 Architecture Overview

vsan Disaster Recovery November 19, 2017

ATA Infotech Ventures Pvt. Ltd.

Acano solution. White Paper on Virtualized Deployments. Simon Evans, Acano Chief Scientist. March B

VMware vsphere with ESX 4.1 and vcenter 4.1

Three Steps to Protect Your Virtual Systems

Deployment of VMware Infrastructure 3 on Dell PowerEdge Blade Servers

Deploy the ExtraHop Discover Appliance with VMware

EMC VPLEX VIRTUAL EDITION: USE CASES AND PERFORMANCE PLANNING

Symantec Advanced Threat Protection: Endpoint

Migration. 22 AUG 2017 VMware Validated Design 4.1 VMware Validated Design for Software-Defined Data Center 4.1

W H I T E P A P E R : T E C H N I C AL. Symantec High Availability Solution for Oracle Enterprise Manager Grid Control 11g and Cloud Control 12c

VIRTUAL APPLIANCES. Frequently Asked Questions (FAQ)

Veritas Access. Installing Veritas Access in VMWare ESx environment. Who should read this paper? Veritas Pre-Sales, Partner Pre-Sales

VMware vsphere. Using vsphere VMware Inc. All rights reserved

Eliminate the Complexity of Multiple Infrastructure Silos

Acano solution. Virtualized Deployment R1.2 Installation Guide. Acano. December G

High Availability and Disaster Recovery Solutions for Perforce

Vmware VCP410. VMware Certified Professional on vsphere 4. Download Full Version :

Introducing VMware Validated Designs for Software-Defined Data Center

Exam Questions 1V0-621

Getting Started with ESX Server 3i Installable Update 2 and later for ESX Server 3i version 3.5 Installable and VirtualCenter 2.5

Protecting Mission-Critical Workloads with VMware Fault Tolerance W H I T E P A P E R

Clustering and Storage Management In Virtualized Environments Rasmus Rask Eilersen

DSI Optimized Backup & Deduplication for VTL Installation & User Guide

Microsoft E xchange 2010 on VMware

Symantec NetBackup 7 for VMware

Getting Started with ESXi Embedded

VMware Exam 2V0-621 VMware Certified Professional 6 Data Center Virtualization Beta Version: 7.0 [ Total Questions: 242 ]

IMPLEMENTING VIRTUALIZATION IN A SMALL DATA CENTER

Sophos Virtual Appliance. setup guide

Introducing VMware Validated Designs for Software-Defined Data Center

FluidFS Antivirus Integration

Virtualizing Business- Critical Applications with Confidence TECHNICAL WHITE PAPER

PassTest. Bessere Qualität, bessere Dienstleistungen!

VMware vsphere: Install, Configure, Manage (vsphere ICM 6.7)

Transcription:

Symantec Messaging Gateway 10.0 HIGH AVAILABILITY WHITEPAPER George Maculley Date published: 5 May 2013 Document Version: 1.0 Technical Field Enablement

Contents Introduction... 3 Scope... 3 Symantec Messaging Gateway architecture... 3 Design Considerations... 3 High Availability Architecture... 4 Software Configuration... 5 Step 1... 6 Step 3... 8 Step 4... 9 Step 5... 10 Step 6... 11 Step 7... 12 Step 8... 13 Step 9... 14 Deploying Symantec Messaging Gateway in an HA environment... 14 Appendix A VMware HA Checklist... 15 Appendix B Symantec Messaging Gateway appliance specifications... 16 management Symantec reserves the right to make changes without prior notice.... 17 Page 2 05 May 2013

INTRODUCTION Symantec Messaging Gateway (SMG) is a secure email gateway solution. In addition to providing antispam, malware protection, and content filtering features, SMG provides an interface for handling quarantine and data loss prevention (DLP) incidents. Due to the sensitive and mission critical nature of email service, it is important to include this service in any disaster recovery planning. Taking this a step further, companies may want to implement a high availability solution to ensure that they are always able to access their electronic message data. This document proposes a solution for implementing a high availability (HA) architecture for the Symantec Messaging Gateway product. SCOPE This paper will address the necessary components and configurations for implementing SMG in a high availability environment. Implementing SMG in a high availability environment will enable an almost seamless recovery due to an unplanned hardware failure, and will enable the migration of services from one physical device to another for planned downtime. For an unplanned outage, in process transactions will be lost. However, due to the resilient nature of SMTP, no data will be lost, and failed message transfers will be re-initiated automatically. High availability is not the same as fault tolerance (FT). Fault tolerance would allow for a seamless recovery from a hardware failure, with no loss of data or in process transactions. Although FT is achievable for SMG, it is outside of the scope of this document. SYMANTEC MESSAGING GATEWAY ARCHITECTURE The Symantec Messaging Gateway solution consists of two server roles: Scanner and Control Center. The Control Center is the central management, configuration, message quarantine, and reporting interface for all Scanners. The Scanner is the mail processing engine and SMTP relay. In the current software version, once a Scanner is configured to accept connections from a Control Center, the only outbound communication from the Scanner to the Control Center is an upload of statistical data. The Control Center initiates connections to the Scanners to push configuration data, and to query the Scanners when reports are run. In the event that a Scanner is unable to communicate with a Control Center, it will continue to operate normally. By default, each Scanner will keep a record of its statistical data for 1 week, or up to 50MB of storage space. If a Control Center is unavailable for longer than the lesser of these conditions, then statistical data will be lost. In small deployments, it is possible to host both the Control Center and the Scanner role on a single appliance. To simplify the diagrams in this document, the diagrams will show both roles on a single server. However, the same considerations and instructions can be used in split deployments, including having many separate Scanners. Because the SMG Scanners are SMTP relays, it is necessary to include HA capability for both the Scanner and Control Center roles, or else messages in transit on the Scanners may be lost. DESIGN CONSIDERATIONS Page 3 05 May 2013

Symantec Messaging Gateway does not have any features to implement clustering or high availability. Therefore, it is necessary to implement SMG in the virtual appliance form factor, and to take advantage of the HA capabilities provided by VMware in order design an HA solution for SMG. When implementing SMG on VMware hosts, it is important to utilize prudent capacity planning for the physical servers on which the software will reside. Insufficient computing, network, or storage resources can reduce the effectiveness and reliability of any HA solution. The performance of any virtual appliance is typically 20% less than the performance of a physical appliance with the same CPU and RAM specifications. The High Availability feature of VMware requires several hardware and software components to implement, as well as specific environmental configurations. A list of the requirements can be found in Appendix A. HIGH AVAILABILITY ARCHITECTURE To create a VMware cluster, a minimum of two ESXi hosts and shared storage (via SAN) between the two hosts are required. It is highly recommended to have redundant network connections between all hosts in the cluster, in addition to having a separate network connection for production network traffic. VMware technology enables administrators to abstract computing resources to a great degree. However, individual virtual machines are still limited to the physical characteristics of the host on which they execute. It is recommended to use server class hardware with specifications which meet or exceed that of the SMG physical appliance hardware. The hardware specifications for the SMG physical appliances are detailed in Appendix B. The diagram below shows a simple VMware cluster configuration. It is recommended, to have more than two ESXi hosts assigned to the cluster. Page 4 05 May 2013

For environments that include multiple Scanners, it is recommended that the Scanner images be load balanced across all available ESXi cluster hosts, in order to limit the impact of a single ESXi host failure. SOFTWARE CONFIGURATION The configuration of a VMware cluster consists of nine steps. For each step, the administrator will have to decide which features to enable and in some cases, what settings to use. This guide will give some guidance for each step, but other choices are also valid, and should be made based on the administrator s familiarity and comfort with VMware. Page 5 05 May 2013

STEP 1 Give the cluster a name, and determine whether to enable vsphere HA and/or vsphere DRS. This example shows that both features are enabled. Page 6 05 May 2013

STEP 2 Determine the level of automation the cluster software will implement with regards to which ESXi hosts specific virtual machines will run on. The example shows an automation level of Manual. This is chosen so that the administrator can make an educated choice based on knowledge of the environment. For environments with multiple Scanner appliances and more than two cluster hosts, this will enable the administrator to ensure that the Scanners will be load balanced across available cluster hosts. Page 7 05 May 2013

STEP 3 Set the power management rules for the cluster. The example shows that this feature is disabled, but can safely be enabled in advanced VMware environments. Page 8 05 May 2013

STEP 4 Enable host monitoring, and disable admission control. Advanced admission control policies are outside of the scope of this paper. Page 9 05 May 2013

STEP 5 Set restart options for virtual machines in the cluster. It is important to set the Host Isolation Response parameter to Power Off, otherwise for the case of a management network failure, it would be possible that the VMware HA software may try to run the SMG appliance on two hosts at the same time. Since the image is only located on the SAN, there could be a catastrophic failure or corruption if the SMG VM is failed over to another machine while the original machine is still accessing the disk. Page 10 05 May 2013

STEP 6 This example shows VM Monitoring disabled. The administrator can enable this at their discretion. Although SMG does have VMware tool support, there is a chance that enabling this feature could cause unnecessary failovers in the event that an ESX server is overwhelmed. Page 11 05 May 2013

STEP 7 Determine whether to enable Enhanced vmotion Capability (EVC). This is an advanced settings, and should be set to Disabled unless the administrator is certain of the physical host environment. Page 12 05 May 2013

STEP 8 Determine where to store the swapfile. It is recommended to store the swapfile with the virtual machine. Page 13 05 May 2013

STEP 9 Review settings and finalize configuration. DEPLOYING SYMANTEC MESSAGING GATEWAY IN AN HA ENVIRONMENT Once the VMware cluster is created and physical ESXi hosts are added to the cluster, Symantec Messaging Gateway can be deployed into the cluster by deploying the SMG Virtual Appliance OVF into the cluster, just as one would do for a single ESXi host. When deploying the OVF template, it is necessary to choose a path to the SAN device as the datastore in order for HA failover to work. No further action is required in order for SMG to be protected by the cluster. Page 14 05 May 2013

APPENDIX A VMWARE HA CHECKLIST The following list is provided as a quick reference. Full details should be obtained from VMware. All ESXi hosts in the cluster must be licensed for VMware HA. There must be at least 2 hosts in the cluster. All hosts need a unique host name. All hosts need to be configured with static IP addresses. All hosts must have access to the same management networks. There must be at least one management network in common among all hosts and best practice is to have at least 2. To ensure that any virtual machine can be run on any host in the cluster, all hosts should have access to the same virtual machine networks and datastores. Similarly, virtual machines must be located on shared, not local, storage. All hosts in the VMware HA cluster must have DNS configured so that the short host name of any host in the cluster can be resolved to the appropriate IP address from any other host in the cluster. Source: http://pubs.vmware.com/vsphere-4-esx-vcenter/index.jsp?topic=/com.vmware.vsphere.availability.doc_41/r_ha_checklist.html Page 15 05 May 2013

APPENDIX B SYMANTEC MESSAGING GATEWAY APPLIANCE SPECIFICATIONS Symantec Model CPU Memory SMG 8340 v10.0.1 SMG 8360 v10.0.1 SMG 8380 v10.0.1 1x Intel G850 2.90GHz, 3M Cache, Dual Core/2T 4GB 1333MHz Single Ranked UDIMM (4x1GB) (2) x Intel Xeon E5-2620, 2.00GHz, 15MCache 32GB 1333Mhz Single Ranked DIMM (8x4GB) (2) x Intel Xeon E5-2620, 2.00GHz, 15MCache 32GB 1333Mhz Single Ranked DIMM (8x4GB) NIC Dual On-Board Broadcom 5720 QP 1Gb Network Broadcom 5720 QP 1Gb Network Daughter Card Daughter Card Minimum requirements for deploying SMG in a virtual machine can be found at: http://www.symantec.com/business/support/index?page=content&id=howto53452#v12415142 Page 16 05 May 2013

Any technical information that is made available by Symantec Corporation is the copyrighted work of Symantec Corporation and is owned by Symantec Corporation. NO WARRANTY. The technical information is being delivered to you as is and Symantec Corporation makes no warranty as to its accuracy or use. Any use of the technical documentation or the information contained herein is at the risk of the user. Documentation may include technical or other inaccuracies or typographical This document may include information about pre-release software. Any unreleased update to the product or other planned modification is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec products should make their purchase decision based upon features that are currently available. SYMANTEC MANAGEMENT RESERVES THE RIGHT TO MAKE CHANGES WITHOUT PRIOR NOTICE. About Symantec Symantec is a global leader in providing security; storage and systems solutions to help businesses and consumers secure and manage their information. Headquartered in Mountain View, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com. For product information in the U.S. call tollfree 1 (800) 745 6054. For specific country offices and contact numbers, please visit our Web site. Symantec Corporation World Headquarters 350 Ellis Street Mountain View, CA 94043 USA +1 (650) 527-8000 www.symantec.com Copyright 2013 Symantec Corporation. All rights reserved. Symantec and the Symantec logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback