Convert a Single Layer 2 Engine to a Layer 2 Engine Cluster

You can use a conversion tool to convert an existing Single Layer 2 Engine to a Layer 2 Engine Cluster.

Using the conversion tool maintains the relationship of the Single Layer 2 Engine element and other configurations in the system. The conversion requires you to select one Single Layer 2 Engine element to convert to a Layer 2 Engine Cluster.

The following limitations apply when you convert a Single Layer 2 Engine to a Layer 2 Engine Cluster:
  • It is not possible to combine two Single Layer 2 Engine elements into a Layer 2 Engine Cluster element.
  • A Single Layer 2 Engine can only be converted to a two-node Layer 2 Engine Cluster. To add more nodes to the cluster, add the nodes separately after the conversion.
CAUTION:
If you change the control IP address of the existing node in this process, the connection between the Security Engine and the SMC is lost.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Make sure that both Security Engines are licensed.
    The licensing of clustered Security Engine nodes is done in the same way as the licensing of two Single Layer 2 Engines. All current Layer 2 Engine licenses allow clustering the nodes, so no license changes are required to activate the feature.
  2. Make sure that the Security Engines are running software versions that are compatible with the SMC, and preferably that both Security Engines are running the same version.
    Although the cluster can be installed with the Security Engines running different software versions (unless otherwise stated in the Release Notes), long-term use with mismatched versions is not supported.
  3. If the new Layer 2 Engine has a working configuration from previous use, return it to the initial configuration state.
    You can do so in the Security Engine Configuration Wizard (sg-reconfigure) on the command line.
    Note: Do not establish a connection with the Management Server before the Layer 2 Engine Cluster element is ready.
  4. Connect the network cables to the new node and power it on.
  5. Right-click the Single Layer 2 Engine element that you want to upgrade to a Layer 2 Engine Cluster, then select Configuration > Upgrade to Cluster.
  6. Browse to Interfaces > Interface Options.
  7. Define which IP addresses are used in particular roles in system communications.
  8. Click Save.
    Note: You can still close the Engine Editor without saving the changes to return to the previous configuration and undo the conversion.
  9. Make initial contact between each node and the Management Server.
    Install and configure any new Security Engine nodes as part of the cluster as in a new installation.
  10. Install the policy on the Layer 2 Engine Cluster.
    To refresh the policy of the existing node before the new nodes are initialized, disable the inactive nodes on the Clustering pane in the Engine Editor. Otherwise, the policy installation fails due to a lack of connectivity to all nodes.