MDS Containers – Spreading domains over multiple MDS units

 

 

 

Check Point MDS Containers

You don’t have to go tooo far to see how Check Point has changed its container architecture in R75 and I love it. Prior to this you had a choice of

 

– Mgt + container
– Container only
– MLM

Now everything is a Mgt + container. So if you have 1000 domains on a single P1 and its all blowing up because 32 bit just doesn’t handle things like backup, then you need to spread things around a bit. So you buy a couple more MDS servers and import/export the domains from the primary down to the secondaries.

HOW??

1) Well, the secret is create just 1 ONE primary MDS. Then create all secondary OR MLM MDSs after that. This is how you get a SIC so you can register them with the primary.

2) In the SDM, include the secondary units into the MDS list using the SICs to verify

3) Make sure you sync the global database after registering or by hand

4) Manually migrate domain, delete old domain and then re-import into new secondary MDS. **** NOTE: You can also host domains inside an MLM

Easy Peasy.

If you need HA, then create a secondary MDS and use the mdscmd mirrormanagement command to mirror the source MDS server. This MDS unit will only contain mirror domains, you can’t create unique instances of domains, they will get mirrored/synced to the source MDS.

Oh yeah, did I tell you the documentation is all horked? Just throw it away and do what I tell you.

So there….I admit I was wrong but I figured out the real deal.

Thanks to Check Point Support and Ofer Orr at Check Point for the tips. You people rock.

dreez

 

 

 

 

 

 

 

 

 

 

Advertisements
Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

blog.lachmann.org

Michael Endrizzi's - St. Paul MN - CheckPoint blog on topics related to Check Point products and security in general.

%d bloggers like this: