I don't see you having an issue with the Gateway since you can have multiple cores set up to use the same Gateway. In the event that your main core dies, you would change your alias to point to the backup core and your Gateway shouldn't be affected at all. I hope this answers your question or at least that I understood it correctly lol.
I think you have it correct, I am trying to validate that it actually works.
So one scenario we are working on now is that the old core went down and we had to rebuild a new core with a new name.
We had backups of the agent\core certs, so we put them on the new core so we could manage all the old clients. We created an alias for the old core and pointed it to the new core. That seemed to work for everything except through the gateway.
If we replaced the local client cert with the cert for the new core, everything works through the gateway. Then someone mentioned that you actually could not use a DNS alias and expect it to work through the gateway, but neither could actually confirm that it was 100% correct.
This is with version 8.
So the other similar scenario, as we are migrating to version 9, is that I built the agents to look up the alias LANDCORE, which currently points to LDCORE01, and if LDCORE01 goes down, I would simply change the alias to LDCORE02.
So the missing piece or question is, IF it can work as I believe it can, do the agent and core simply need to have both certificates installed on them? Which for the upgrade I can do now, but what about the first scenario where we have laptops out in different states not communicating back in using the old core cert which is still on the gateway?
The backup core will need to have the cert for the main core as well as its own, of course. The certificates for both cores will need to be added to the Management Gateway under Manage core certificates, and all the settings for the Gateway need to be on both cores. I think that if you have all of this then they should be able to go through the Gateway in the event your main core goes down and you use DNS to redirect old clients to the backup core. Whichever scenario you choose, the Gateway needs to have the certs for any core that is set up to use the Gateway.
Edit: I think you can also just use the core and post the certificate to the Gateway from there without having to access the Gateway itself.