Manual Chapter : Running Application Security Manager on the VIPRION Chassis

Applies To:

  • 11.2.1
In contrast to the way the Application Security Manager runs in a redundant system configuration, where only the active unit handles requests and enforcement, on the VIPRION® system, the primary and secondary cluster members handle traffic and enforcement. A separate instance of the Application Security Manager runs on each of the cluster members in the VIPRION system. In the event of blade failure in the chassis, updates and synchronization gracefully and transparently transfer security policies and data to the new primary cluster member.
The Application Security Manager system failover communication on the VIPRION chassis is the same as that in redundant system configurations, ensuring that configuration data is synchronized to all members of the cluster. Real Traffic Policy Builder® and Learning Manager run only on the primary member. When configuration or security policy changes are made to the cluster, the active security policy is copied from the primary member to those that are designated as secondary cluster members. Each secondary cluster member imports the updated security policy and sets it to the active state.
The Application Security Manager functionality is the same on the VIPRION chassis as it is when installed on a single cluster member or as a standalone component, with the following exceptions:
Request reporting occurs on the primary blade, and each entry includes the ID number of the slot on which the request was processed.
Note: When a new primary cluster member is elected within Local Traffic Manager, the Application Security Manager applies the full configuration of the new primary cluster member across all other cluster members.
On the Main tab, expand Application Security and click Overview.
The Overview screen opens and displays statistics for the system including all blades running on the VIPRION chassis.
The Application Security Manager displays the synchronization status for each cluster member in the VIPRION chassis in the context of security policies. Although each cluster member has its own Configuration utility, you can view the synchronization status only from the primary cluster member. The possible statuses for each blade are:
Up to date
The security policy for this cluster member is identical to that of the primary cluster member.
Waiting for reply
This cluster member has not yet received the security policy update.
The system is currently applying policy changes to this cluster member to synchronize it with security policy changes made on the primary cluster member.
The system was not successful in applying security policy changes from the primary cluster member. As a result, the active security policy on this cluster member is different from the active security policy on the primary member.
On the Main tab, expand Application Security and click Synchronization Status.
The Synchronization Status screen opens, where you can review which slot is designated as the primary cluster member of the VIPRION system, and the security policy enforcement status of each secondary cluster member relative to the primary cluster member. The cluster member status changes if you perform the Apply Policy action or make any change that is immediately enforced, for example, when you install a UCS file, change a logging profile, or import or export a security policy.