Cluster Configuration
Configure a cluster from the Clustering option in the UI. Configure each member in the cluster individually then activate the cluster by turning on synchronization. The exception to this rule is the configuration of third-party authentication, which is replicated.
You configure the cluster on a Primary Site member.
Follow these steps:
- Select Configuration, Clustering. The Clustering page appears with the Local Settings tab selected.
- Generate a Shared Key by entering a Passphrase and selecting Generate Key, unless you use another method to do so. This cryptographic key ensures secure communications between the clustered appliances. All members in the cluster must use the same key value. The Generate Key button is disabled in FIPS Mode, and you must provide the Key.
- Select the interface that is used for communications between the clustered appliances and click Save Config Locally. The same interface must be used by all the clustered members.
- Select the Global Settings tab.
- Under Multi-Site, determine the behavior of the secondary site when the primary site is unavailable. To change the behavior globally, first turn off the cluster. The options for the secondary site are:
  - Operationally Safe
    - Users can view passwords from the local PAM database.
    - Users can continue to access devices and create sessions to devices.
    - All workflow functions are disabled. These functions are check-in/check-out, dual authorization, credential rotation, Service Desk integration, reason to view credentials.
  - Security Safe
    - Users cannot create sessions to devices that are configured for auto-logon using Credential Manager.
    - Users cannot view passwords.
- Optionally, select the Disaster Recovery tab to define the behavior of an individual secondary site member in case the primary site fails. For a secondary member to behave in Operationally Safe mode, keep the Run Secondary Site in Operationally Safe Mode checkbox selected. To run in Security Safe mode, clear this checkbox.
- Use the buttons under Sites on the Global Settings tab to add primary and secondary sites and administer them. Add a site manually or load the configuration from an existing cluster member.
  - Add – See Add a Cluster Site to add a new cluster site manually.
  - Load Configuration from Member – Use this button to add a member to an existing cluster. Clustering must already be operational to add a member. To add a member to a cluster, follow these steps:
    - While logged on to the member, click Load Configuration from Member.
    - In the resulting window, enter the IP address of an existing member of the cluster, and click OK. The Clustering page gets information from the existing member and displays it.
    - Select a secondary site and click Add IP to join it.
    - Click Subscribe to Active Cluster. The new cluster member begins synchronization by pulling data from the primary cluster.
  - Replication Analysis – This button opens a new window that provides guidance on which secondary site is the most up-to-date. This information helps you decide which secondary site to promote to become the primary. The status only appears when the cluster is off.
Once the cluster is on, the configuration is not visible. Click View Cluster Settings to open the Cluster Settings window showing read-only settings.
Reset a Cluster (Optional)
To remove a cluster configuration and all the members, click Reset. Use caution when resetting a cluster as the entire configuration is deleted.
A cluster site must have at least two members. To delete one member from a site with only two members, take one of the following actions:
- Click Reset to remove both members and begin a new cluster configuration.
- Add a new member for a total of three members then delete the member that you no longer want.
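A pre-activation check for the constraints stated on this page (same shared key value and interface on every member, at least two members per site, and the failover mode of each secondary member), given as an added example that is not Broadcom's code. The inventory format, the field names and the `preflight` function are assumptions made for illustration; the script works on values you recorded yourself and does not query the product.

```python
import hmac
from collections import defaultdict

# Constructed inventory: names, interfaces and keys are made up for this example.
MEMBERS = [
    {"name": "pam-a1", "site": "A", "role": "primary", "interface": "eth0",
     "shared_key": b"constructed-key-1", "operationally_safe": True},
    {"name": "pam-a2", "site": "A", "role": "primary", "interface": "eth0",
     "shared_key": b"constructed-key-1", "operationally_safe": True},
    {"name": "pam-b1", "site": "B", "role": "secondary", "interface": "eth1",
     "shared_key": b"constructed-key-2", "operationally_safe": True},
]


def preflight(members, require_security_safe=False):
    """Return findings to resolve before synchronization is turned on."""
    findings = []
    ref = members[0]  # compare every member against the first one listed
    for m in members[1:]:
        # Constant-time comparison; key material never appears in a finding.
        if not hmac.compare_digest(m["shared_key"], ref["shared_key"]):
            findings.append(f"{m['name']}: shared key differs from {ref['name']}")
        if m["interface"] != ref["interface"]:
            findings.append(
                f"{m['name']}: interface {m['interface']} != {ref['interface']}")

    sites = defaultdict(list)
    for m in members:
        sites[m["site"]].append(m["name"])
    for site, names in sorted(sites.items()):
        if len(names) < 2:
            findings.append(f"site {site}: {len(names)} member, at least two required")

    if require_security_safe:
        for m in members:
            # Operationally Safe lets users view passwords from the local
            # database while the primary site is unavailable.
            if m["role"] == "secondary" and m["operationally_safe"]:
                findings.append(f"{m['name']}: runs Operationally Safe on failover")
    return findings


if __name__ == "__main__":
    for line in preflight(MEMBERS, require_security_safe=True):
        print(line)
```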
Cluster Tuning
Use cluster tuning only with the direction of Broadcom Support. To change configuration items that are not already visible on the Clustering page, follow these steps:
- Ensure that the Cluster is off.
- Go to the Configuration, Diagnostics, System page.
- Find Cluster Tuning Mode. Click the On button.
- Go to the Configuration, Clustering page.
- Select the Cluster Tuning tab.
- Inspect and modify the following settings as directed by Broadcom Support:
  - Cluster Access Database Consistency Check Period: Configure how often, in minutes, the sync status is updated across the cluster.
  - Service API Database Replication Optimization: Change this value only if directed to do so by CA Support.
  - Max Number of Queued Replication Records Before Member Deactivation: When a Secondary member loses connectivity with the primary site, it can catch up unless it is missing more than this many transactions.
  - Secondary Sites Polling Frequency – Set how often, in seconds, Secondary sites should pull data from the Primary Site. Balance the need for concurrency with network traffic and load on the primary site.
  - Secondary Sites Push Frequency – Set how often, in seconds, Secondary sites should push data to the Primary Site. Updates from Secondary members include metric and audit log events, and “My Info” account information. Those updates are then replicated to the secondary sites.