Skip to content

About High Availability

A single HySecure instance is usually sufficient for handling very small deployments to the order of a few hundred users. In order to scale up the number of supported users, multiple instances of HySecure are configured to be part of a "Cluster". Along with scaling up the number of supported users, an "Always ON" functionality is also provided through two key features viz. High Availability and Load Balancing.

An HA deployment also helps in achieving a fault tolerant system and in scaling up the number of supported users, as well as improving the performance and throughput.

HA and loadbalancing is achieved by deploying 2 or more instances of HySecure Gateways in a cluster.

Important

While deploying a single instance of HySecure Gateway, it still needs to be configured as a node of a cluster. As a result, during the node installation, a cluster needs to be created so that it is future ready for additional node addition

HySecure Gateway Node Types

An instance of HySecure Gateway, also called a node, can act as either of the following two types of nodes

  1. Load Balancing (LB) OR Cluster Manager Node

    A load balancing node, also called a Cluster Manager node, has the following components/modules

    1. HySecure Configuration Database

    2. Cluster Configuration module, responsible for managing the cluster configuration

    3. Load Balancer modules

    Important

    There can be a maximum of 2 LB nodes in any deployment. These LB nodes will work in an Active-Passive manner such that if the active LB node goes down then the passive LB node takes over the role of Load balancing the user connections

  2. VPN or Gateway or Real Node

    A VPN node, also called a Gateway node or a Real node, has the following components/modules

    1. HySecure Gateway Engine which handles user connections, and

    2. HySecure management console.

    Important

    1. A pure Gateway Node cannot act as a Cluster Manager node whereas the reverse is possible.

    2. In case of a single node deployment, the node wll act as both a Load Balancing node as well as a VPN node

Node Requirements in a Deployment

In any deployment (single / multiple HySecure Gateway instances), following are the node requirements

  1. There has to be atleast 1 LB node and 1 VPN node. So even if there is a single HySecure Gateway instance, it needs to act as both an LB node as well as a VPN node.

  2. In a multi-node cluster, there can be a maximum of 2 LB nodes. These LB nodes will work in an Active-Passive manner such that if the active LB node goes down then the passive LB node takes over the role of Load balancing the user connections.

Cluster Configurations

Following different cluster configurations are possible

Configuration Type Deployment Type No. of Hosts Cluster Manager nodes HySecure Gateway Node Count
Single Node Cluster Cluster ready for future 1 1 1
Full Cluster-1 Cluster with minimum hardware and shared services 2 2 2
Full Cluster-2 Growing cluster with partially shared services 3 2 3
Full Cluster-3 deployments with dedicated hosts for different nodes 4 or more, maximum 14 2 2 or more, maximum 12

  1. Standalone Configuration (Deprecated)

  2. Single Node Cluster Deployment

  3. Cluster deployment with 2 nodes

  4. Cluster deployment with 3 nodes

  5. Cluster deployments with dedicated nodes

Recommendations

Here are some recommendations for a judicious selection of the number of components

  1. Very Small deployments

    A Hardware instances, running both the LB Node and the VPN Node. This scenario is good for very small deployments, typically good for upto 500 users. In this scenario, the hardware instance is running both the load balancer and VPN functionality. The load balancer module is practically disabled.

  2. Small deployments

    Two Hardware instances, both running LB Node and VPN Node. This scenario is good for smaller deployments, typically good for 2000 users or so based on the hardware capacity. In this scenario, both the hardware instances are running load balancer and VPN functionality. One of the hardware runs active LB and other one acts as standby.

  3. Large deployments

    N no. of hardware with all nodes running VPN Node. This scenario suits deployments ranging from 2000-10000. In this scenario, there are 2 LB Nodes and there can be any no. of VPN Nodes. The hardware running LB Node also runs VPN Node.

  4. Highly Scalable deployments

    N no. of hardware with dedicated LB Node. This scenario suits deployments ranging from 10000 to 1,000,000 no. of users. The hardware running LB Node is free from doing VPN processing and hence the overall performance of LB Node is very high. Rest of the hardware runs VPN Nodes.