Managing Mobile Controllers : Configuring Mobile Controller Clusters
  
Configuring Mobile Controller Clusters
You can create a cluster, or join an existing cluster of two or more Mobile Controllers, on the Cluster page. Mobile Controller clusters simplify the process of configuring Mobile Controllers for large deployments or high availability deployments with multiple Mobile Controllers. You can join two or more Mobile Controllers to provide a pool for available licenses. The entire pool of available licenses remains available to the SteelHead Mobile clients, even if one Mobile Controller uses all of its installed licenses or one Mobile Controller fails. The SteelHead Mobile clients can connect to any Mobile Controller in a cluster and have the same configuration and administrative experience.
Clusters provide the SteelHead Mobile clients with the same experience regardless of the Mobile Controller to which they connect by synchronizing the policies and other configuration settings across a set of member Mobile Controllers. You can configure cluster-wide settings on any member of the cluster, and these settings propagate across the cluster. However, node-specific settings must be configured locally on each Mobile Controller in the cluster.
Note: Peering certificates can be clustered, but the Signing CA and other settings under SSL are node-specific. Other node-specific settings include the Mobile Controller hostname and IP address.
Clustered Mobile Controllers pool their licenses, making the set of all base licenses available even if one or more Mobile Controllers in the cluster are not available. Although licenses are pooled between all members in a cluster, you must install base licenses on each Mobile Controller.
The Mobile Controller connects to a cluster in steps. First it sends a request to join the cluster to any existing cluster member. If accepted, it begins the process of joining a cluster. Settings of the Mobile Controller joining the cluster are deleted during the joining process, and the joining Mobile Controller synchronizes its configurations with that of the cluster. When the connection process finishes and synchronization is complete, the Mobile Controller is a member of the cluster.
Note: For clusters with more than three nodes, Riverbed recommends that you do not use extra-small Virtual Mobile Controllers (with 2 GB in the /data partition size).
You work with clusters on the Manage > Clusters page. This page shows the number of desktop licenses installed and in use.
Figure: Cluster Settings Page
Prerequisites
Before you can add a Mobile Controller to a cluster, you must complete the following prerequisites:
•  Have a valid IP address for the Mobile Controller.
•  Know the fully qualified domain name (FQDN) of the Mobile Controller.
•  Be able to connect to the other members in the cluster.
•  Have the same set of base licenses installed on all the members of the cluster: for example CIFS, MAPI, SSL, and so forth. For details on managing Mobile Controller licenses, see Managing Licenses.
•  Ensure that SSL trust can be established between all Mobile Controllers in the cluster. Generally, this trust is done by sharing the Signing CA certificate of members of the cluster. Prior to joining the cluster, you can export the existing signing CA, including the private key for the Mobile Controller. For details on exporting signing CAs, see To export an existing certificate.
•  Import the signing CA and private key of the other members of the cluster to the Mobile Controller. Prior to joining the cluster, you must replace (import) the existing signing CA, including the private key, for the Mobile Controllers in the cluster (One File in PEM or PKCS12 formats). For details on replacing (importing) existing signing CAs, see To replace a Mobile Controller signing CA.
Configuration Settings in Your Clusters
After you join a cluster, the configuration settings on your Mobile Controller are replaced by those shared in the cluster. When you change those settings on your Mobile Controller, those changes are made to the configuration of each Mobile Controller in the cluster. The following table lists the features that are shared by each Mobile Controller in the cluster.
Feature
Description
Policies
All policy settings propagate throughout the cluster.
Packages
Packages created on any member Mobile Controller are available to all clients and Mobile Controllers in the cluster.
Assignments and Group Settings
All group assignments and settings propagate throughout the cluster.
Adapter List
List of available interfaces.
Endpoint Report
The Endpoint report for any cluster member shows all endpoints connected to the cluster. For detailed information about Endpoint reports, see Viewing Reports for Endpoints.
License Pooling
Base licenses must be installed on each Mobile Controller in the cluster. Cluster members share licenses.
Peering Certificates
Establishes a trust relationship for the SSL peering certificates of all Mobile Controllers in the cluster.
Port Labels
Port labels created on any member Mobile Controller are available to all clients and Mobile Controllers in the cluster.
Monitored Ports
Monitored port configuration settings made on any member Mobile Controller are applied to all clients and Mobile Controllers in the cluster.
To join a cluster
1. Choose Configure > Cluster to display the Cluster page.
2. Specify, in the Host name text box, the IP address or hostname of any Mobile Controller that is a member of the cluster.
3. Optionally, specify a port number.
4. Click Attach to join the cluster.
After your Mobile Controller has joined the cluster, the Attach button becomes the Detach button. To leave a cluster, click Detach. You can remove any Mobile Controller in the cluster from any cluster member.
To remove a Mobile Controller from the cluster
1. Click the box next to any cluster member listed under Controllers in the cluster.
Figure: Remove from Cluster
2. Click Remove from cluster.
You can check the status of any cluster member in the Status column. The possible values for the Status column are defined in this table.
Status
Description
Joining
The Mobile Controller is joining a cluster member.
Connecting
The Mobile Controller is connecting to a cluster member.
Connected, Syncing
The Mobile Controller is connected to a cluster member and is configuring its settings to match the cluster’s settings.
Connected, Synced
The Mobile Controller is connected to a cluster member and has finished changing its settings to match the cluster’s settings.
Disconnected
The Mobile Controller cannot connect with the specified cluster member.
Disconnected, Denied
The cluster member is actively denying connections to the local Mobile Controller.
Troubleshooting Cluster Connections
The following situations can cause your Mobile Controller to become disconnected from the cluster:
•  The Mobile Controller that your Mobile Controller is connected to has become unreachable for some reason.
•  The trust settings on your Mobile Controller or the peer to which you are connected have changed and no longer match. Check your SSL settings; see Basic Steps for Configuring SSL Proxy Support.
If your Mobile Controller is disconnected from the cluster, and attempts to reconnect are denied, detach and rejoin the cluster. For details, see Configuring Mobile Controller Clusters.
Make sure that you have your logs configured at Error level. Cluster error messages appear at this level. For details on filtering log messages, see Viewing and Downloading Logs.
Troubleshooting Mobile Controller Connectivity
The following topologies can cause problems with Mobile Controller connectivity:
•  Firewalls between the endpoint and the Mobile Controller - To more easily manage the Mobile Controller, be sure to open the firewall to allow access to ports 22, 80, 443, and 7870. For more information about firewalls and firewall requirements, see the SteelCentral Controller for SteelHead Mobile Installation Guide.
•  Mixed mode clustering - In this topology, the Mobile Controllers use different versions of the software. Mix mode clustering can occur when not all the Mobile Controllers are updated to the latest software release.
Making policy, configuration, and cluster changes in mixed mode can be challenging. Therefore, Riverbed recommends that all the Mobile Controllers be updated to the same version of the software.
For more information, see the Riverbed Knowledge Base for any known issues, how-to documents, system requirements, and common error messages. You can browse titles or search for keywords and strings. To access the Riverbed Knowledge Base, log in to the Riverbed Support site at
https://support.riverbed.com.
License Pooling
In Mobile Controller clusters, licenses for all members are shared and available to each member of the cluster.
Members of the cluster can check out licenses from the license pool in small batches and return them when no longer needed, such as when the SteelHead Mobile clients disconnect from the Mobile Controller or no longer require a license.
When the Mobile Controller fails, other members detect the failure and all licenses are returned to the free pool. The Mobile Controller checks out a new batch of licenses when it comes back up. Initially, by default, the Mobile Controller collects up to 100 licenses (if they are available), and then acquires more if needed. If no licenses are available when the Mobile Controller comes back online, it is not able to check out licenses until they are released from other Mobile Controllers.