We are on a single web gateway right now. We have been experiencing some slowness that may be due to load but perhaps we need to do some config tweaks also. But aside from that, we feel that we need another gateway in case 1 goes down so we have a fall back. Our first is the actual physical appliance. I understand you can also get it in virtual machine form. So my question is, how would it look? Can two of them work together in tandem? Would you split traffic across both of them? We are just curious what our options are.
You can find a description of Proxy HA in the product guide, Blade Server > Network setup and under Proxies > Proxy HA settings.
Basically, Proxy HA means you deploy two or more Web Gateway nodes with one virtual IP address (VRRP), to which users are connecting (they only see one). The node holding the virtual address will do load balancing to all available nodes.
Interesting, thank you for your answer. Looking in those settings, it almost looks like you could do some manual balancing if you wanted? For instance based on the port that the user is connecting to, is that correct? The reason I ask is because - we have one physical appliance and I think our second would be virtual and it is possible we may not want to put as much traffic on the virtual appliance.
Also, what happens if the node holding the virtual IP goes down?
It's not perfect, though as not all devices that need to talk to the web are web browsers. Web browsers support pac's but not all software and applicances do, so you have to specify an ip for a fallback anyway.
I'm curious how many people are using proxy HA and how they like it. The environment I'm in is using 2 boxes with individiual ip's and no VIP, and using PAC's to balance between them, and leveraging the clustered configuration management which works nicely. It works ... okay, but when one box is down for mtc you do hold your breath for whether someone is using one box specifically. I'm open to a VIP if the HA works well. A running joke is that a curious % of outages (regardless of vendor) are related to HA bugs.
That said, we do use a VIP with a pair of email gateways here and that has worked rather nicely. When one box goes offline, the other box starts managing the VIP, and it just ... works.