Configure a cluster
- Update all cluster members and ensure they use the same senhasegura version.
- Activate a license for each instance in the Affinity Portal.
- Make sure all instances can connect to the backup device.
- Connect all instances to the same network and make sure they can communicate with each other. To learn more about performing this step, visit How to Set Up the Network and Hostname and Server Settings.
- Open the following ports in the firewall of all instances:
  - TCP (22, 443, 3306, 4444, 4567, 4568, 59022 and 9300)
  - UDP (4567)
How to create a cluster
- Download senhasegura's application from the Virtual Appliances section in the PAM Solution Center.
- Change the default application password.
- Configure the application's Hostname.
- Configure the NTP Server.
- Configure the DNS Server.
- Configure the Network.
- Create a backup.
- Back up your data and take a snapshot of each instance.
The following steps can be used to create a new cluster or add instances to an existing cluster.
- Go to Orbit Config Manager ➔ Replication ➔ Settings.
- Change the Operating Mode to Cluster and enable replication.
- Enable the File Synchronizer and set the Sync Timeout.
- Add the IP address of each instance in the cluster.
Repeat this step on all members of the cluster, and always add the IP addresses in the same order.
- Specify whether the Members are in different data centers.
- Set a recovery screen display message in case of failures.
- Click Save.
- Click Yes to confirm that you want to change the settings of your database and reboot the service.
Before moving on to the next cluster member, wait for the complete reboot of the current instance. This process also reboots the application's database and updates it to the latest configuration. Go to Orbit Config Manager ➔ Replication ➔ Status to check whether your cluster has been successfully created before proceeding to the next instance.
- If this is the primary instance, click on Take over as Primary.
Each cluster accepts only one primary instance. If the primary instance fails, assign another instance as the primary.
After each instance is added to the cluster, the system reboots and updates the database to complete the changes. Remember that each additional cluster member receives the same password as the primary member. To learn more, see also: Cluster Architecture.
Switch between instances automatically
You can enable and disable senhasegura instances remotely through HTTP requests. An instance is inactive and removed from load-balancing processes if it is under maintenance or unavailable.
To set up a list of IP addresses that are allowed to manage instances remotely:
- Go to Orbit Config Manager ➔ Settings ➔ Recovery
- Enable the parameter: Allow Remote System Wakeup.
- Under Allowed source IPs for remote system activation, add the IP addresses with permission to send HTTP requests.
- Click Save.
Repeat these steps on all members of the cluster.
Now, these IP addresses can connect to your monitoring URL, GET /flow/orbit/mntr. E.g., https://mysenhasegura/flow/orbit/mntr.
This URL displays the current state of the instance:
- HTTP 200: The application is active and available to users.
- HTTP 203: The application is active and available to users but is not the cluster's primary.
- HTTP 403: The application has been deactivated and is unavailable to users.
- HTTP 451: Expired activation license.
- HTTP 503: Application unavailable.
For example, if the administrator intentionally disables a particular member of the cluster, this member starts responding to load balancer requests as HTTP 403, and the load balancer stops redirecting user traffic to this instance. On the other hand, if an instance loses communication with the other members of the cluster, its database becomes unavailable, and this instance starts to send the HTTP 503 status to the load balancer, which, in turn, stops forwarding traffic to that particular instance.
Enable and disable instances automatically
Another useful feature of senhasegura clusters is the possibility to control which instances should be automatically activated and deactivated from an external system. Imagine a scenario where the load of an entire network must be redirected to a backup data center. In this case, the instance associated with the backup data center must be active and ready to receive a full load of requests, whereas the current instance must lose its role as the primary member of the cluster.
You can switch between instances using the activation/deactivation URLs below.
Activating an instance
This process makes an instance active and available to users as long as you have a valid activation license. If successful, this instance becomes the new primary member of the cluster, replacing the previous one. All the other instances are deactivated automatically.
Deactivating an instance
This process makes an instance inactive. If this is the primary member of the cluster, note that no other member of the cluster is automatically assigned as the new primary instance. Other inactive instances are not automatically re-activated either.
You should constantly monitor which instances are currently active and inactive in your cluster. Accidentally shutting down all instances at once will lead to a complete halt of user operations.
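The monitoring URL and the advice above to keep watching which members are active can be combined into a cluster-wide check. The following is an added example, not senhasegura code: it maps the documented status codes to member states and raises alerts when no member is serving users, when no primary exists, or when more than one member reports as primary. The state names, the hostnames in SAMPLE and the alert wording are assumptions made for illustration.

```python
import urllib.error
import urllib.request

# Status codes documented for GET /flow/orbit/mntr. Reading 200 as "primary" is an
# inference from the page: 203 is the code for active members that are not primary.
STATES = {200: "active-primary", 203: "active-secondary", 403: "deactivated",
          451: "license-expired", 503: "unavailable"}
SERVING = {"active-primary", "active-secondary"}


def classify(status):
    """Map a monitoring-URL HTTP status (None = no answer) to a member state."""
    if status is None:
        return "unreachable"
    return STATES.get(status, "unknown")


def probe(host, timeout=5):
    """GET https://<host>/flow/orbit/mntr from an allowed source IP; return the status."""
    url = f"https://{host}/flow/orbit/mntr"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # 403, 451 and 503 are raised as HTTPError
        return err.code
    except OSError:  # DNS failure, refused connection, timeout, TLS error
        return None


def evaluate(statuses):
    """Turn {host: status} into (states, alerts) for the whole cluster."""
    states = {h: classify(s) for h, s in statuses.items()}
    primaries = sorted(h for h, st in states.items() if st == "active-primary")
    alerts = []
    if not SERVING & set(states.values()):
        alerts.append("CRITICAL: no member is serving users")
    if not primaries:
        alerts.append("CRITICAL: no primary instance")
    elif len(primaries) > 1:
        alerts.append("CRITICAL: multiple primaries: " + ", ".join(primaries))
    for h, st in sorted(states.items()):
        if st in ("license-expired", "unknown", "unreachable"):
            alerts.append(f"WARNING: {h} is {st}")
    return states, alerts


# Constructed sample: the primary was deactivated and no other member took over.
SAMPLE = {"pam-a.example": 403, "pam-b.example": 203, "pam-c.example": 503}
```

In production, build the input with `{h: probe(h) for h in members}` from a host listed under Allowed source IPs for remote system activation, and send the alerts to your monitoring system.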