M

24 Messages

 • 

330 Points

Wed, Jul 28, 2021 3:28 PM

SZ-100 Hardware redundancy

Hi Everyone,

I asked this question earlier but now I have some more details and need some guidance.

I have an SZ-100 (a SZ-104 to be exact).  I have not had good luck RMAing equipment recently with Ruckus, slow response, and slow shipping.  If our SZ-100 went down for some reason I simply can't wait a week plus for Ruckus to get me a new controller.

Our setup is very simple, a single cluster serving a small campus of 70 APs with 2 wireless lans.

My initial plan was to get another SZ-100 and do an active-active setup with the second controller being in another building.  I had an open case with a Ruckus Support Engineer for an unrelated issue and ran this plan by him and he said it would be easy to implement.

In the meantime, I went to source another SZ-100, and of course, they're NLA.  The vendor I was suggested an SZ-144 as that's what they had listed as replacing the SZ-100.  I OKed it, took a quick look at the specs, and noticed the SZ-144 had quite a bit more capacity but figured that couldn't hurt.  I did ask the Support Tech and he assured me that the 144 would work, I just couldn't mix SZs and vSZs.

That brings us to today, I was talking to another Ruckus Support Engineer (same unrelated issue as above but I think we resolved it this time) and mentioned my plan and he said I could NOT add my SZ-144 to my SZ-100 cluster in an active-active setup.  So now I'm sitting here with what looks like a very expensive paperweight.

I honestly wish I had pumped the brakes on the the SZ-144 as it was also a considerable price increase as well.  We were rushing to close out the budget year so things happen quickly.

What are my options?  I feel like I'm stuck between a rock and a hard place at the moment.

Thanks,

Matt

Employee

 • 

333 Messages

 • 

6.4K Points

3 m ago

Hi Matt,

Thanks for your detailed explanation of the difficult situation you find yourself in. 

I'm pleased to hear you've had solid advice from the Ruckus support engineer but, of course, disappointed to hear you were given incorrect information (by a partner support tech?) regarding inter-mixing of SZ100 with SZ144. There is a Ruckus support advisory confirming it is not possible to inter-mix the two controller platforms: https://support.ruckuswireless.com/articles/000010857

We had to EOS SZ100 at relatively short notice due to the EOL of a component used in the hardware by a 3rd party supplier.  It also gave us the opportunity to increase the performance and resilience of the replacement SZ144 platform.

I would always recommend a customer has at least 2x on-prem clustered controllers (whether hardware appliances or VMs), however I appreciate that's not helpful right now!

I believe the speed of RMA replacements are challenged with the current global silicon shortage that is affecting all products, apologies for this.

In my view it would be best to aspire to ultimately have 2x SZ144 controllers in a cluster (active-active redundancy).  However I understand until budget is available for this, you need a 'Plan B'.

It is possible to migrate the configuration from SZ104 to an SZ144. Therefore you could theoretically run an active > cold-standby scenario, with the SZ-144 being a 'cold-standby' and having the same IP address and (migrated) config as the SZ104. Please note this is not an officially-supported solution, will be at your own risk and will likely be service-interrupting whilst the APs deal with the SZ100 heartbeat loss and SZ144 reconnection and reconfigure (even if it's with an identical config).

The main commercial downside to the above (at best, interim) solution is the issue with AP licensing. In an active-active cluster, licenses are shared between the SZ controllers but in the interim soution described above, each controller would need to be indvidually licensed for all APs.

I don't believe SZ144 configs can be reverse-migrated to SZ100, so in the interim solution, the SZ100 will always need to be the 'primary' controller/configuration.

I would recommend reaching out to your Ruckus Partner to liaise with your local Ruckus SE to see if they have any further help or suggestions.  Please let me know your location, if you'd prefer for me to do this directly within Ruckus.

Good luck and best regards,
Darrel.

167 Messages

 • 

3K Points

3 m ago

You need a better Ruckus Partner.  Unlike ZoneDirectors that included a free limited-lifetime warranty, SmartZones come with only a one-year standard warranty.  After one year, there is zero coverage.  So with SmartZone hardware, it is highly recommended to always buy and maintain an active support plan.  Purchasing and maintaining a Ruckus Support plan provides you with advance NBD replacement, firmware updates, TAC, etc.

You were told correct on clustering by the second ruckus guy - all nodes must be the same model and running the same version of code.  If you need 100% high availability, then a multi-node cluster is recommended.  However, depending on the details of your configuration, you can probably get close to high-availability on a single SZ.  A little more info is needed before wading into that. 

- authentication method is use for each wlan?

- using dpsk?

- what ap models?  

 

PS- the 144 is a much better box than the 104 or especially the 124, so don't feel bad about buying it. 

 

(edited)

24 Messages

 • 

330 Points

@david_black_5940365 

I agree on the partner end of things.  That being said my vendor has had a hard time getting info from Ruckus when trying to quote me prices so I think that's a two-way street.

Anyway, to answer you questions:

WPA2 on one wlan, the other is open

No on the dpsk

R610

It's nice to hear that the SZ-144 is a better unit but from the sounds of it, I can't transfer my AP licensing from the SZ-100 so that is just another roadblock for me.  We also purchased 3 years of support for the SZ-100 and for our new SZ-144.

Thanks,

Matt

Employee

 • 

333 Messages

 • 

6.4K Points

Hi Matt,

David asked some very pertinent questions, ones I thought to ask but my response was already at risk of TL;DR!

The (positive outcome) is that your network doesn't appear to be reliant on the SmartZone for operation.  WPA2 (assuming PSK? If it's WPA2-Enterprise then this is more complex) and open networks (providing there's no controller-based captive portal) will continue to operate even if the SZ 'disappears'.

Also backing-up David's comment about the SZ144 - it's a FAR superior unit for sure.  Higher capacity APs and ICX, dual PSU, replaceable fans, 4x 1Gb + 4x10Gb data plane and will be supported with new firmware and updates for a long time to come.

Regarding licensing, there can be some flexibilty here but I suspect not enough to initially give you a resilient controller solution.

I have sent a link to this page to our global head of Education for his thoughts.

I'll respond with an update as quickly as possible.

Best,

Darrel.

24 Messages

 • 

330 Points

@darrel_rhodes 

Yes, I am using WPA2-PSK.

So it sounds the APs would just keep trucking with the last known config if the SZ went down?  

If that's the case that does change things a bit.  I've had a ZD1200 go down in the past and it took out the whole wireless network with it, I just assumed that the same would happen with the SZ100.

If this is the case then that makes me feel quite a bit better, though I still have the whole SZ100/144 issue to deal with.  If the AP licenses were transferable I would consider moving from the SZ100 to the SZ144 and calling it an upgrade.

Maybe some light at the end of the tunnel?

Matt

Employee

 • 

333 Messages

 • 

6.4K Points

@matthew_kopishke

Hi Matt,

At the risk of swamping you with information, I just wanted to confirm some of the points you've raised:

i) "The APs will just keep trucking" (I love how you phrased this!) - absolutely! SZ-controlled APs don't need for the SZ to be present for most of their day-to-day operations.

ii) ZD vs SZ architecture: as David mentioned, the two platforms couldn't be more different. Losing ZD means your entire Wi-Fi is down, with SZ we removed the AP's dependence on the controller for most functions.

iii) Licenses: I'm cautious about commenting on licenses on a public forum as there are lots of variables.  However if, as David suggested, you are able to transfer them from the SZ104 to SZ144 using LiMan or via a Ruckus support ticket, then your suggestion of "calling it an upgrade" is definitely the way to go! However I would still recommend you budget for a second SZ144 when possible. Hopefully then you can retire your ZD and host all your APs on the single SZ-pair?

Finally; I'm looking to get your local Ruckus SE to contact you to ensure you're looked after from here on!

Best regards,
Darrel.

24 Messages

 • 

330 Points

@darrel_rhodes 

Thank you for your help.

I'm looking forward to talking to an SE as I have a few other questions I would love to get cleared up.  I'll also take a look at the licensing in LiMAN and see if can make some sense of things on my own.

Matt

24 Messages

 • 

330 Points

3 m ago

@darrel_rhodes 

Hi Darrel,

You confirmed what I had feared.  I would suggest updating your "SmartZone Cluster Redundancy Deployment" docs to reflect these nuances as that's what I was using as my initial guide.

I have to say I'm pretty frustrated with the situation at the moment.  I can't simply keep throwing money at the situation as we're a public school with limited funds.  Our SZ-104 is also less than 2 years old and should be more than adequate to manage our network.

I should have done more research on my part BUT point-blank asking one of your Technical Support Engineers if it will work and getting misleading info kind of mitigates that.

The only option that seems remotely viable at the moment is the cold backup scenario BUT I think you are saying I would need to purchase AP licenses for both controllers to make this work?  If so that makes this option even less viable.

I'm in Maine, I'm hoping you can put me in contact with someone who can help resolve this issue.  

Thanks,

Matt

(edited)

167 Messages

 • 

3K Points

3 m ago

Matthew,

You don't need to purchase any licenses.  Unlike with ZoneDirectors, SmartZone licenses do not belong to a piece of hardware - they belong to the school and you can move them from controller to controller as see fit.  Using the LiMan tab on the support portal, you can assign the licenses (some or all) to any controller the school owns (eg: the 104).  You can also revoke some/all and reassign them to a new asset (the 144).  There is never license obsolescence with SmartZone. 

You're not using radius or dpsk, so you can achieve 99% high availability with only one SZ.  The only thing you'll lose is the ability to manage (add new wlans, change a psk, status reports, etc).  There's a couple of default setting you need to modify and I'll add more later.  

(edited)

167 Messages

 • 

3K Points

3 m ago

Missed your earlier post regarding the 1200 which touches on another major difference between ZD and SZ architectures.  In the case of a ZD managed network, if you only have one ZD and it goes down, the whole network is down until you get it back up.  You can add a standby ZD and enable SmartRedundancy which will allow you to recover, but it not a hitless failover.  All AP tunnels have to be estabilished to the surviving controller, and all wlan sessions are terminated and have to be re-established with the clients.  There's sort of a minute or two where things are messed up and afterwards everything is back to normal.  I think you said you had 70 APs and one ZD1200, so the partner should have sold you 65 licenses since the controller already includes 5 free ones, so a total of 70.  Add a second ZD1200 and enable smart redundancy and the licenses pool together - 70 from zd1 + 5 from zd2 = 75 total licenses on both controllers. 

Anyway, with ZD, the controller provided a lot or the services (control, management, mesh, dpsk, captive portal, keeping track of end user sessions, roaming etc...).  With SZ, the APs have grown up - they take care of themselves now.  There's still a few things that require the mother ship, but you're not using them. 

(edited)

24 Messages

 • 

330 Points

@david_black_5940365 

Thanks for the clarification on the licenses.  That should make things really simple.  Up until 2020 I had only worked with ZD1200s so I'm quite familiar with their licensing.

As far as the ZD1200 I mentioned it is at a separate site unrelated to the one we've been talking about.  At some point, I would like to roll the APs that are on the ZD over to the SZ but I know that's a bit of a process on all ends (hardware, management, and licenses) and one that I'll tackle at a later date.

Thank you so much for your help,

Matt

167 Messages

 • 

3K Points

@matthew_kopishke you're welcome to contact me if I can be of assistance.  We're a Ruckus Elite partner, but we're in Houston. So, you do need to follow Darrel's advice and get some qualified local help.  I can also help you with any technical or configuration questions, or a second opinion.  I think my email is listed on my profile.  If not, post a message here and I'll reply. 

167 Messages

 • 

3K Points

@matthew_kopishke BTW, I meant to ask about the open network...  Does it have a traffic policy that denies access to the school's internal network (ie, is it internet only)? 

24 Messages

 • 

330 Points

@david_black_5940365 

Yes, it's a separate private network that we maintain for Student/Parent access on personal devices.  Zero access to our primary network.  We also use QoS to throttle the public network.

457 Messages

 • 

5.7K Points

It is really the exact reason, why I always use vSZ, and never appliances. With vSZ you don't have any issues with hardware replacement or future compatibility. I have never recommended any customer to use SZ-1xx, as I haven't yet customer, which isn't already running some hypervisor. And even if you need to buy a server to run vSZ, it still makes sense to go for vSZ, as support is cheaper and easier this way.

You most probably have to look for a new Ruckus partner to work with, as you got bad advice more than once.

For a solution I would say you have to think about opportunity to migrate to vSZ and sell your SZ-100/144. You always could use vSZ to have a cold backup in case of disaster with SZ, as you just need to reassign AP licenses to vSZ to get everything running, but it is not the best way to do things.

To get reliable redundant system migrating to vSZ the only new costs would be VM RTU licenses and they support, plus you need some space on your virtualisation equipment. Main part of costs (AP licenses and they support) can be simply moved from SZ to vSZ in LIMAN very easy. 

I definitely recommend to move to virtual solution and sell your both SZ-1xx.

In the worst case, if you have no hypervisor available, and no real budget,   you always can buy 3 identical HP DL360/380 G8 servers on EBAY, they typically cost about 400-500 Eur with 2x Xeons and 128 GB RAM, and run vSZ over free VmWare ESXI  (with one spare server on shelf you'll be fully covered for any hardware fault). Many SMB businesses use them, they are built as tanks, and very cheap to source.

24 Messages

 • 

330 Points

2 m ago

@darrel_rhodes

Have you had a chance to find someone a can talk to about licensing?  I also have a few other small business questions I would love to wrap up.

Thanks,

Matt

457 Messages

 • 

5.7K Points

2 m ago

As you have a very simple network and you are already have necessary AP licenses for SZ, you just need to decide how you want to handle your network high availability. it requires some work or money to be spent.  In any case, some of both your hardware units will be unused, as they are not compatible in one setup, and looking to way to use both of them is fruitless. 

So just make the best use of what you have with best possible result.

1st of all, you need to document your setup, including such things as IPs of all APs, and SSH credentials to access them, as well as all VLAn and WLAN configurations. When you have it, you will be able recreate configuration from scratch in ~1 hour, and this is must to have in any case.

Than you have to decide, if you want to buy another SZ-144, or just want to have some temporary backup solution in case of sz-144 fault and RMA (even so it seems that you network will have no issues to survive a week without SZ unit, you lose management and monitoring in such situation).

Probably, the simplest (and free) solution in this case would be to install proper version of vSZ, and recreate configuration from documentation. It normally can be done in 2-3 hours, if you have prepared infrastructure, and installed vSZ comes with temporary node license for 45 days, which is sure enough to keep you running  during RMA. You'll need to transfer your AP licenses to this vSZ to connect all APs, but it is done easy through LIMAN.

When RMA unit arrives, you just restore backup of SZ-144 configuration and transfer licenses farther to the new unit.

Of cause, if you can buy another SZ-144 unit, you get more comfort with active-active backup. But it will cost you another unit + support for SZ-144 yearly, which includes hardware support and is therefore not cheap.

Another way is to move to virtual infrastructure and vSZ. Support price for vSZ VM is much lower than for SZ-144, because it includes only software support, and no hardware, but AP licenses and they support are exactly the same and can be just transferred from SZ-144 to vSZ. Of cause it, means that you need to take care of infrastructure for vSZ installation, but it is usually available - who doesn't have virtual servers now?

Of cause, in case of going completely virtual both SZ-100 and SZ-144 will be nice paperweights in your office, but it will do what you need and cost of that will be cheaper in the long run . Even 3 years already will give you savings --  to go virtual you need just 2x vSZ RTU license (L09-VSCG-WW00) and support for that - S01-VSCG-3L00 (you already have all AP licenses!).  Cost of licenses + support for 3 years will be same or less than support cost of just 1 SZ-144 for same period, and you'll have active-active redundant setup, which you can achieve with current hardware. 

It is not a problem with SZ-100/144, reason of the mess is a wrong purchase decision, done because of wrong advice given by incompetent reseller. And wrong advance can (and often is) expensive for customer. It's actually the same as buying unneeded or incompatible spare for your car -- it costs, and you have no use for it, even so part itself is fine.

So it may be actually cheaper to retire both units, than to keep using them. 

 

But most important, whatever you do, don't rely on recommendations from dumb resellers -- there are a lot of companies who just resell hardware. They will sell you anything, and they actually have never seen staff, they "just sell it", not use it. They can be used, if you know staff yourself and just order proper part-numbers, but can't advice you.

You need to learn SZ technology. It is not that difficult, you need some spare APs, 1 week time and go through it, installing in a lab 2-3 times from scratch with different setups, or you can get training from some Ruckus partner.

We routinely train customers in SmartZone setup and configuration basics as part of any implementation project, it takes 2-3 days and is done remotely. Any IT project  should include training and SZ implementation is not an exception.

Today, you are not limited to partner in your town, as you can use services on global scale, just find somebody who has experience (obviously your current supplier is no good to get training, but there are a lot of better available).

Official Rep

 • 

1.2K Messages

 • 

17K Points

@eizens_putnins 

Very impressing and detailed response!

I appreciate your help and participation in forum threads!

Thanks for sharing your great experience to all of us!

Regards,

Syamantak Omer

Official Rep | Staff TSE | CWNA | CCNA | RASZA | RICXI

Follow me on Linkedin

24 Messages

 • 

330 Points

@eizens_putnins 

Thanks for the info.  I have a plan but what I need is some info from Ruckus, more business-related than technical.

I was hoping @darrel_rhodes Would be able to get me in touch with someone.

Thanks,

Matt

167 Messages

 • 

3K Points

@matthew_kopishke 

what business related info are you looking for?

Employee

 • 

333 Messages

 • 

6.4K Points

@matthew_kopishke 

Hey Matt,

I did ask for someone (your local Ruckus SE) to contact you. Apologies they haven't been in touch, I'll chase it up now!

Best,
Darrel.

24 Messages

 • 

330 Points

@david_black_5940365 

I'm looking for a W9.  Pretty much I would like to take advantage of CommScope's direct license renew process.  They allow for POs but without a W9 I can't add them as a vendor.

I made all sorts of attempts to contact them over the winter and couldn't get a response.  Email, phone, smoke signal, you name it...

Matt

24 Messages

 • 

330 Points

2 m ago

Just to clarify, my issues and my complaints are not of a technical nature, it's on the business side.  

A W9 is a tax document I need in order to use Commscope as a vendor.  Just part of doing business in the education/non-profit world. 

My last experience with a Support Engineer was quite good, much better than the last few I had to deal with.  Most of my complaints have to do with getting hardware replaced.  The process took weeks to complete.  I did talk to some folks at Ruckus about it and they said the cases were not handled correctly so let hope the next time won't be so bad.

I think what I'm looking for here has been really over complicated thought maybe that's my fault for switching topics.

I did get an email from the local account manager so I think I'll be able to get most of my questions taken care of.

Thank you all for your help, 

Matt

Important Announcement