Configuring VM FIPS HA
In a Virtual Machine (VM) HA configuration, connect the network management interface (wancom0) and media interfaces over virtual network switches via the hypervisor. This is no different for a FIPS-compliant HA implementation. Use a RJ45 Ethernet cable to connect wancom1 of the Primary node to wancom1 of the Secondary node.
The following is an example setup console log for a FIPS VME
primary
OCSBC.
FIPS_VM_Primary# run setup
-----------------------------------------------------------
Thank you for purchasing the Acme Packet SBC. The following
short wizard will guide you through the initial set-up.
A reboot will be required to save changes.
-----------------------------------------------------------
'-' = Previous; '?' = Help; '.' = Clear; 'q' = Exit
GUI ACCESS
If you want to allow GUI to access this SBC, enable this setting
Enable Web GUI (yes/no) [yes] : yes
WEB GUI MODE
Choose which mode to enable for the web GUI
Web GUI Mode
1 - basic
2 - expert
Enter choice [1 - basic] : 2
HIGH AVAILABILITY
This SBC may be a standalone or part of a highly available redundant pair.
SBC mode
1 - standalone
2 - high availability
Enter choice [1 - standalone] : 2
If this SBC is the primary, enter the configuration.
If it is secondary, you can import settings from the primary
SBC role
1 - primary
2 - secondary
Enter choice [1 - primary] : 1
Specify the IP address to set on interface connected for redundancy
Redundancy interface address [169.254.1.1] :
Redundancy subnet mask [255.255.255.252] :
SBC SETTINGS
Unique target name of this SBC [FIPS_VM_Primary] :
IP address on management interface [10.196.33.48] :
Subnet mask [255.255.224.0] :
Management interface VLAN (0 - 4095) [0] :
Gateway IP address [10.196.32.1] :
PEER CONFIGURATION
Peer IP address [169.254.1.2] :
Peer target name [sbc02] : FIPS_VM_Secondary
OC SDM ACCESS SETTINGS
Configure SBC to allow OC Session Delivery Manager to access it
OC SDM access (yes/no) [yes] : no
-- Summary view ---------------------------------------------------------------
GUI ACCESS
1: Enable Web GUI (yes/no) : yes
WEB GUI MODE
2 : Web GUI Mode : expert
HIGH AVAILABILITY
3 : SBC mode : high availability
4 : SBC role : primary
5 : Redundancy interface address : 169.254.1.1
6 : Redundancy subnet mask : 255.255.255.252
7 : Redundancy interface VLAN : N/A
SBC SETTINGS
8 : Unique target name of this SBC : FIPS_VM_Primary
9 : IP address on management interface : 10.196.33.48
10: Subnet mask : 255.255.224.0
11: Management interface VLAN : 0
12: Gateway IP address : 10.196.32.1
AUTOMATIC CONFIGURATION
13: Acquire config from the Primary (yes/no) : N/A
PEER CONFIGURATION
14: Peer IP address : 169.254.1.2
15: Peer target name : FIPS_VM_Secondary
OC SDM ACCESS SETTINGS
16: OC SDM access (yes/no) : no
17: SNMP community string : N/A
18: OC SDM IP address : N/A
Enter 1 - 18 to modify, 'd' to display summary, 's' to save, 'q' to exit. [s]:
FIPS_VM_Secondary# run setup
-----------------------------------------------------------
Thank you for purchasing the Acme Packet SBC. The following
short wizard will guide you through the initial set-up.
A reboot will be required to save changes.
-----------------------------------------------------------
'-' = Previous; '?' = Help; '.' = Clear; 'q' = Exit
GUI ACCESS
If you want to allow GUI to access this SBC, enable this setting
Enable Web GUI (yes/no) [yes] : yes
WEB GUI MODE
Choose which mode to enable for the web GUI
Web GUI Mode
1 - basic
2 - expert
Enter choice [1 - basic] : 2
HIGH AVAILABILITY
This SBC may be a standalone or part of a highly available redundant pair.
SBC mode
1 - standalone
2 - high availability
Enter choice [1 - standalone] : 2
If this SBC is the primary, enter the configuration.
If it is secondary, you can import settings from the primary
SBC role
1 - primary
2 - secondary
Enter choice [1 - primary] : 2
Specify the IP address to set on interface connected for redundancy
Redundancy interface address [169.254.1.2] :
Redundancy subnet mask [255.255.255.252] :
SBC SETTINGS
Unique target name of this SBC [FIPS_VM_Secondary] :
IP address on management interface [10.196.33.40] :
Subnet mask [255.255.224.0] :
Management interface VLAN (0 - 4095) [0] :
Gateway IP address [10.196.32.1] :
AUTOMATIC CONFIGURATION
Acquire config from the Primary (yes/no) [yes] : yes
PEER CONFIGURATION
Peer IP address [169.254.1.1] :
-- Summary view ---------------------------------------------------------------
GUI ACCESS
1: Enable Web GUI (yes/no) : yes
WEB GUI MODE
2 : Web GUI Mode : expert
HIGH AVAILABILITY
3 : SBC mode : high availability
4 : SBC role : secondary
5 : Redundancy interface address : 169.254.1.2
6 : Redundancy subnet mask : 255.255.255.252
7 : Redundancy interface VLAN : N/A
SBC SETTINGS
8 : Unique target name of this SBC : FIPS_VM_Secondary
9 : IP address on management interface : 10.196.33.40
10: Subnet mask : 255.255.224.0
11: Management interface VLAN : 0
12: Gateway IP address : 10.196.32.1
AUTOMATIC CONFIGURATION
13: Acquire config from the Primary (yes/no) : yes
PEER CONFIGURATION
14: Peer IP address : 169.254.1.1
15: Peer target name : N/A
OC SDM ACCESS SETTINGS
16: OC SDM access (yes/no) : N/A
17: SNMP community string : N/A
18: OC SDM IP address : N/A
Enter 1 - 18 to modify, 'd' to display summary, 's' to save, 'q' to exit. [s]:
The following are examples of FIPS VME primary and secondary deployments where adapter 1 is used for management, adapters 2 and 3 are used as the HA interconnects, 4 is unused, and adapters 5-8 are used as media interfaces.
