* This concept is only applicable to Network VirusWall 2500.
Network VirusWall 2500 achieves high availability (HA) using the following solutions:
Redundant ports
Port redundancy allows you to use a redundant physical link implementation for securing maximum network uptime and reliability.
Port redundancy is targeted to a mesh network. In a port redundancy solution, Network VirusWall provides two pairs of internal and external ports to connect to the up-link and downlink switches in dual paths.
Configuring a port redundant operating mode requires the completion of the following:
Configuration of port group A with two (2) ports— one external port, one internal port
Configuration of port group B with two (2) ports— one external port, one internal port
Configuration of the redundancy port group with port groups A and B
Setting the Operation Mode through the pre-configuration console
Port redundancy configuration is usually accompanied with a failover fault-tolerance solution. In a port-redundant NVW implementation, multiple connection paths, each with redundant devices, are used to help ensure that the connection is still viable even if one (or more) paths fail. The capacity for automatic failover means that normal functions can be maintained despite the inevitable interruptions caused by problems with equipment.
Redundant devices
NVW HA is device redundant. If one of the devices in an HA cluster fails, all settings are maintained by other NVW devices in the HA cluster.
Fault tolerance solutions
Configure Network VirusWall to apply failopen or failover fault tolerance solution.
A failopen solution allows the Network VirusWall device to continue to pass traffic in an event when a software or hardware failure occurs within the device.
A failover solution is a backup operation that automatically switches to a standby Network VirusWall device if the active device fails or is temporarily shut down for servicing.
Failopen and failover solutions cannot be enabled at the same time.
For any system to be highly available, the parts of a system should be well-designed and thoroughly tested before they are used. Trend Micro recommends testing a Network VirusWall deployment before rolling out the device in a production system. Doing so helps minimize the chances of system failure or breakdown.
To deploy Network VirusWall in an HA environment:
Decide where to deploy the device(s)
Ready the port configuration
Complete the pre-configuration Operation Mode setting.
Refer to the Network VirusWall Administrator's Guide for details on HA.
See also:
Operation Mode