5.3 Creating a Cluster of SSL VPN Servers

The system automatically enables clustering when multiple SSL VPN servers exist in a group. To create an SSL VPN cluster, you must create a cluster of SSL VPNs after you install an SSL VPN server, then assign one or more SSL VPN servers to that cluster.The Access Manager software configuration process is the same whether there is one server or multiple servers in a cluster.

This section describes how to set up and manage a cluster of SSL VPN servers:

5.3.1 Creating a Cluster of SSL VPN Servers

To create a new SSL VPN server cluster, you start by creating a cluster configuration with a primary server.

  1. In the Administration Console, click Devices > SSL VPNs > Servers.

  2. Select the SSL VPN server that you want to add to the cluster, then click New Cluster.

  3. Specify a name for the cluster configuration. If you selected the server in the previous step, the IP address of the server is displayed in the Primary Server drop-down list. If you have not selected a server in the previous step, you can now select the server or servers that you want to assign to this configuration.

  4. Click OK.

  5. Click the cluster configuration name that you created.

  6. On the Cluster Details page, click Edit.

  7. Fill in the following fields as required:

    Name: Specifies the name of the SSL VPN server cluster configuration. You can modify the name of the cluster if you want.

    Description: Specify a brief description of the SSL VPN cluster.

    Primary Server: Specify the IP address of the primary server in the SSL VPN server cluster.

    The Cluster Members section displays the IP address and other details of the SSL VPN servers that are assigned to the cluster.

  8. Click OK.

The status icons for the configuration and the SSL VPN Server should turn green. It might take several seconds for the SSL VPN server to start and for the system to display a green light.

5.3.2 Adding an SSL VPN Server to a Cluster

After you create a cluster and identify the primary member, you can add other SSL VPN servers to the cluster. You can add more than one SSL VPN server to the SSL VPN cluster.

  1. In the Administration Console, click Devices > SSL VPNs.

  2. On the Servers page, select the server, then click Actions > Assign to Cluster.

    To select all the servers in the list, select the top-level Server check box.

  3. Select the name of the cluster that you want to add the SSL VPN server to.

    The health status of the SSL VPN server turns green, if the server is already configured and the trust relationship is established with the Identity Servers. Otherwise, the health status is displayed as yellow. It might take several seconds for the SSL VPN server to start and for the system to display the health icon.

5.3.3 Removing an SSL VPN Server from a Cluster

Removing an SSL VPN server from a cluster disassociates the SSL VPN server from the cluster configuration. You can either remove servers individually or remove all the clusters at the same time.

When you remove a server from a cluster, all of the configuration except the trust relationship remains unchanged and can be reassigned later or assigned to another server. The trust relationship established with the Identity Server is lost when a server is removed from the cluster.

  1. In the Administration Console, click Devices > SSL VPNs.

  2. Select the server, then click Stop. Wait for the Health tab to show a red icon, indicating that the server has stopped.

  3. Select the server, then choose Actions > Remove from Cluster.

  4. Click OK.