Secure Mobile Access 12.4 CMS Administration Guide

High Availability of the VPN Service

Global High Availability (Global HA) is configured from the CMS console by first enabling the Global Traffic Optimizer (GTO) service. Users access the VPN using the service name (e.g. access.example.com) in the VPN tunnel clients (Connect Tunnel or Mobile Connect) or the web client. The GTO service directs user connections to an appliance that is available.

Global HA enables SMA appliances to scale performance by deploying multiple appliances under a service name. Global HA eliminates a single point of failure and provides a highly available global VPN service. Customers can deploy 2 SMA appliances in the same data center or deploy clusters of up to 100 physical and virtual appliances across multiple data centers around the globe.

A distributed data store shares user session state as well as licensing information across the mesh network of SMA appliances. This allows for session persistence across appliances. In the event of a failover, users are connected to another appliance in the service. The distributed data store also allows for central user licenses to be shared across appliances and data centers.

All of the SMA appliances that are configured for the GTO service participate in the highly available VPN service. If an appliance that is part of the service fails due to hardware, power, or network issues:

  • New connection requests (by tunnel or web clients) will get directed to other available appliances.
  • Existing connections (that were connected to the appliance that failed) are automatically reconnected to another available appliance. Users typically do not need to re-enter their credentials.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.