1 Reply Latest reply on Apr 8, 2013 11:27 AM by trin-mac-fee

    IronMail Cluster Questions

    runcmd

      We recently purchased a second EG-5500 with the intention of clustering it with the appliance we already have.  We are using our existing IronMail to process both inbound and outbound mail and are utilizing the encrypted email component.  Our current environment is v6.7.2 and the new appliance has v7.0 preinstalled.  It is my intention to cluster the two appliances at two separate physical locations.  My preference would be to upgrade our previously existing appliance to v7.0 rather than downgrade the new appliance to v6.7.2.  I have encountered a few problems while thinking this process through...

       

      1.)  We have many custom content filter dictionaries with many entries.  One dictionary has over 2,000 entries.  We also have a rather large administrative whitelist.  It is my understanding that there is no upgrade path from v6.7.2 to v7.0 and that the dictionaries would need to be rebuilt by hand (or a custom script would need to be created to somehow convert the text files of 6.7.2 to the XLM format of 7.0).  The support representative I spoke with indicated that McAfee is working on a tool to convert dictionaries but it is not yet publicly available.  Has anyone else converted their environment to v7.0 and, if so, how did you handle the migration of your dictionaries and the administrative whitelist?

       

      2.)  My support representative indicated that the encrypted email component is only supported in a clustered configuration with v7.0 on patch 1 and only in a push configuration.  Patch 2 is supposed to support push and/or pull in a clustered environment but there is currently no official release date for Patch 2.  We utilize both push and pull.  Is anyone else utilizing encrypted email in a clustered configuration?  If so, how did you implement it?

       

      3.)  An alternative is to run the two appliances independently; however, this poses its own set of problems:  (a) Multiple quarantine release notifications would be generated--at least one from each appliance daily.  This would cause confusion for end users.  (b) Separate encrypted email profiles on separate appliances, with the possibility of unique user passwords on each.  This would confuse recipients of encrypted emails.

       

      Any thoughts or comments would be greatly appreciated.  Thank you.

        • 1. Re: IronMail Cluster Questions

          Hi I am somewhat in the same issue. I have two ironmail devices in the following:

           

          2 separate physical locations

          2 separate dmz subnets

           

          Both were upgraded to version 7.0.2 however there is a new requirement for the clustering. Both devices must sit on the same network and share the same virtual IP Address to implement clustering. In version 6.7.2 all I had to do was create a vpn between both DMZs and enter the peer addresses of the devices and the cluster worked perfectly. I am not sure how to proceed with this new requirement.

           

          It seems that we both may have to stick to version 6.7.2 in hopes that McAfee will include solutions to our issues in future upgrades.......