Versions Compared

Old Version 11

changes.mady.by.user joe.topjian@cybera.ca

Saved on

compared with

New Version 12

changes.mady.by.user joe.topjian@cybera.ca

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In order to successfully navigate an outage, please use the following process:

Before Outages Occur

The following will occur during a failover event:

...

WhoTaskNotes
Palo Alto and FortiGate usersHave a copy
VFS UsersMake regular backups of your firewall configuration
ready
.This will make the recovery faster

Have the authcode (Palo Alto) or license file (FortiGate) of your firewall
ready
documented.This will make the recovery faster

Step 2:

...

When Outages Occur

WhoTaskNotes
Cybera’s VFS team

a. Confirm the issue; 

b. Contact the users impacted;

c. Initiate failover

Palo Alto and FortiGate users

a. Make sure there is no instance under the VFS project;

b. Re-launch firewall instance from the Rapid Access Cloud dashboard

The firewall will be relaunched using the latest baseline version of the firewall image uploaded on the Rapid Access Cloud

Scenario 2: Failover between regions

CyberaNotify VFS members with confirmation that an outage has occurred. This communication will detail an estimated length of the outage and if any steps need to be taken by members.

If the outage is expected to be prolonged, Cybera will notify users if an intra (within) or inter (between) regional firewall switchover is needed to be done by VFS members.

Definitions

Intra-regional Switchover: Creating a new virtual firewall within your "primary" region. For example, if your virtual firewall is normally hosted in Cybera's Calgary region, you would create a new firewall in Calgary.

Inter-regional Switchover: Creating a new virtual firewall within the "secondary" region. For example, if your virtual firewall is normally hosted in Cybera's Calgary region, you would create a new firewall in Edmonton.


Note

Inter-regional switchovers

Note

Regional failovers require manually recreating your firewall in the designated active region. Because of the amount of work required for the Cybera network team to reconfigure your network connection and the amount of work for you to recreate your firewall, regional failovers switchovers will only be initiated when the failed region is expected to be offline for one day or longer. 

Automatic failover is on our roadmap for the future.

...

a. Confirm the issue; 

b. Contact the users impacted;

c. Initiate failover

Recreating Your Firewall

If Cybera determines that the outage will last a prolonged amount of time, we will notify members that they should perform an intra (within) or inter (between) regional firewall switchover of their firewall. If this happens, the following process will happen.

d. Create the user’s network on the backup region;

e. Grant the appropriate flavor access;

f. Make sure there is no instance on the primary region

...

a. Re-launch firewall instance from Horizon dashboard

...

WhoTaskNotes
Cybera’s VFS team

a. Guide the user to upload their firewall authcode/license file

b. Guide the user to upload the most recent firewall configuration filec. Ensure the new firewall is operationald. Hand over the firewallPalo Alto and FortiGate users

a. Monitor new firewall

b. Confirm all services are operational

...

Cybera

Ensure members' network configurations are in-place in the appropriate region and members are able to recreate their firewall.


VFS Members

Follow the standard process of Setting up your Virtual Firewall, as you did when you first created your virtual firewall, but using the appropriate region for the outage.

Make sure you have a recent backup configuration of your firewall as well as the appropriate licensing information. You will want to restore your backup configuration rather than configuring your virtual firewall from scratch.


Note

Palo Alto users might have to perform an additional "hard reboot" for their firewall to become functional. If your firewall has been active for at least 15 minutes and are not seeing activity or traffic, please perform a hard reboot.

Moving Back to your Primary Region

In the event that an inter-regional switchover has happened:

WhoTaskNotes
CyberaCommunicate to VFS members that the outage is over.
Cybera

Ensure members' network configurations are in-place in the appropriate region and members are able to recreate their firewall.


VFS Members

Follow the standard process of Setting up your Virtual Firewall, as you did when you first created your virtual firewall, but using the appropriate region for the outage.

Make sure you have a recent backup configuration of your firewall as well as the appropriate licensing information. You will want to restore your backup configuration rather than configuring your virtual firewall from scratch.


Note

If an intra-regional switchover occurred, there is no need to recreate your firewall. Your new virtual firewall will run as your primary virtual firewall and your original firewall will be removed by Cybera.