Cluster Configuration

Configure a cluster from the Clustering option in the UI. Configure each member in the cluster individually, then activate the cluster by turning on synchronization. The exception to this rule is the configuration of third-party authentication, which is replicated.
You configure the cluster on a Primary Site member.
Follow these steps:
  1. Select Configuration, Clustering.
    The Clustering page appears with the Local Settings tab selected.
  2. Generate a Shared Key by entering a Passphrase and selecting Generate Key, unless you use another method to do so. This cryptographic key ensures secure communications between the clustered appliances. All members in the cluster must use the same key value. The Generate Key button is disabled in FIPS Mode, and you must provide the Key.
  3. Select the interface that is used for communications between the clustered appliances and click Save Config Locally. The same interface must be used by all the clustered members.
  4. Select the Global Settings tab.
  5. Under Multi-Site, determine the behavior of the secondary site when the primary site is unavailable. To change the behavior globally, first turn off the cluster. The options for the secondary site are:
    • Operationally Safe
      • Users can view passwords from the local PAM database.
      • Users can continue to access devices and create sessions to devices.
      • All workflow functions are disabled. These functions are check-in/check-out, dual authorization, credential rotation, Service Desk integration, reason to view credentials.
    • Security Safe
      • Users cannot create sessions to devices that are configured for auto-logon using Credential Manager. 
      • Users cannot view passwords.
    Workflow functions are not available when the primary site is down.
  6. Optionally, select the Disaster Recovery tab to define the behavior of an individual secondary site member in case the primary site fails. For a secondary member to behave in Operationally Safe mode, keep the Run Secondary Site in Operationally Safe Mode checkbox selected. To run in Security Safe mode, clear this checkbox.
  7. Use the buttons under Sites on the Global Settings tab to add primary and secondary sites and administer them. Add a site manually or load the configuration from an existing cluster member.
    • Add – See Add a Cluster Site to add a new cluster site manually.
    • Load Configuration from Member – Use this button to add a member to an existing cluster. Clustering must already be operational to add a member.
      To add a member to a cluster, follow these steps:
      1. While logged on to the member, click Load Configuration from Member.
      2. In the resulting window, enter the IP address of an existing member of the cluster, and click OK.
        The Clustering page gets information from the existing member and displays it.
      3. Select a secondary site and click Add IP to join it.
      4. Click Subscribe to Active Cluster. The new cluster member begins synchronization by pulling data from the primary cluster.
    • Replication Analysis – This button opens a new window that provides guidance on which secondary site is the most up-to-date. This information helps you decide which secondary site to promote to become the primary. The status only appears when the cluster is off.
Once the cluster is on, the configuration is not visible. Click View Cluster Settings to open the Cluster Settings window showing read-only settings.
Reset a Cluster (Optional)
To remove a cluster configuration and all the members, click Reset. Use caution when resetting a cluster as the entire configuration is deleted.
A cluster site must have at least two members. To delete one member from a site with only two members, take one of the following actions:
  • Click Reset to remove both members and begin a new cluster configuration.
  • Add a new member for a total of three members then delete the member that you no longer want.
Cluster Tuning
Use cluster tuning only with the direction of Broadcom Support. To change configuration items that are not already visible on the Clustering page, follow these steps:
  1. Ensure that the Cluster is off.
  2. Go to the Configuration, Diagnostics, System page.
  3. Find Cluster Tuning Mode. Click the On button.
  4. Go to the Configuration, Clustering page.
  5. Select the Cluster Tuning tab.
  6. Inspect and modify the following settings as directed by Broadcom Support:
    1. Cluster Access Database Consistency Check Period: Configure how often, in minutes, the sync status is updated across the cluster.
    2. Service API Database Replication Optimization: Change this value only if directed to do so by CA Support.
    3. Max Number of Queued Replication Records Before Member Deactivation: When a Secondary member loses connectivity with the primary site, it can catch up unless it is missing more than this many transactions.
    4. Secondary Sites Polling Frequency: Set how often, in seconds, Secondary sites should pull data from the Primary Site. Balance the need for concurrency with network traffic and load on the primary site.
    5. Secondary Sites Push Frequency: Set how often, in seconds, Secondary sites should push data to the Primary Site. Updates from Secondary members include metric and audit log events, and "My Info" account information. Those updates are then replicated to the secondary sites.