N-node Cluster
The HySecure cluster is an active-active cluster. All of the nodes can handle user connections with load balancing so the resources can be utilized to the maximum.
The HySecure cluster is accessed via a virtual IP address assigned to the active (master) Cluster Manager Node.
The end users connect to the virtual IP address of the HySecure cluster. The active node receives the user connection and redirects the user connection to the gateway according to the selected load-balancing algorithm. The routing of the TCP connections happens at the network level.
HySecure Active Node Module Component :
Failover features
The HySecure Cluster requires a minimum of two hosts (nodes) and can have a maximum of 14 nodes. Two of the nodes run the HySecure Cluster manager module. The Cluster Manager module runs in an Active-Passive manner for load balancing and the HySecure configuration database. In a cluster, only one Active Cluster Manager node can exist that receives all the connections from the end user and redirects them to the gateway according to the selected load-balancing algorithm. The HySecure Cluster uses a virtual IP address to redirect all the connections to the Active Cluster Manager Node. The users connect to the virtual IP address.
Note
In case there is a firewall in front of the HySecure cluster then, port 443 on the firewall must be forwarded to the virtual IP address of the cluster.
The Cluster Manager Node keeps checking the health of the other nodes. It redirects the user connections to the HySecure Gateway nodes, which handle all connection crypto and secure gateway functions.
If the Active Cluster Manager Node fails, the standby Cluster Manager Node acquires the virtual IP address and starts receiving the user connections.
If any of the HySecure Gateway nodes fail, the HySecure manager will automatically transfer the user session to the other node with the least amount of load. The user has to reconnect the application that was being used to relaunch the session. If the user initiates reconnection, the new connection request from the application will be redirected by the Active Cluster Manager Node to the least loaded available HySecure Gateway Node. The user session information is replicated across the cluster, hence in case of failure with any node, the users are not required to authenticate with HySecure.
The behavior of a user connection during any failover incidence is described below:
| Failing node | User connection | User re-authentication |
|---|---|---|
| Active Cluster Manager | No impact, a delay of 6 seconds during failover | No re-authentication required |
| Standby Cluster Manager | No impact, a delay of 6 seconds during failover | No re-authentication required |
| HySecure Gateway Node where user connection is terminated | Application connection Dropped, reconnection to an available HySecure Gateway | No re-authentication required |
Load balancing features
The Cluster Manager Nodes distribute user connections evenly across the HySecure Gateway nodes to ensure load balancing. The supported default load balancing algorithm currently is Round Robin.
Network Communication Details
The network communication between different cluster nodes is described below. It is highly recommended to deploy all cluster nodes in a single subnet in the DMZ.
Network communication between various cluster nodes and SMTP
The SMTP servers should be reachable from all the HySecure servers in an HA cluster. Ensure that the SMTP port, 25 or 587 is reachable from the HySecure Gateway.
Network communication between various cluster nodes and SMS gateway
The SMS gateway should be reachable from all HySecure servers in an HA cluster. Ensure that the SMS gateway port, 443 is reachable from the HySecure gateway.
For more platform-specific information, click here.