--- title: Enabling dynamic discovery for clustering description: You can enable and configure dynamic discovery setup for clustered PingFederate deployments by editing the run.properties and jgroups.properties files. component: pingfederate version: 13.0 page_id: pingfederate:server_clustering_guide:pf_enabling_dynamic_discovery_clustering canonical_url: https://docs.pingidentity.com/pingfederate/13.0/server_clustering_guide/pf_enabling_dynamic_discovery_clustering.html revdate: March 20, 2026 section_ids: before-you-begin: Before you begin about-this-task: About this task steps: Steps related-links: Related links --- # Enabling dynamic discovery for clustering You can enable and configure dynamic discovery setup for clustered PingFederate deployments by editing the `run.properties` and `jgroups.properties` files. ## Before you begin If your PingFederate deployment has cluster discovery settings in the `tcp.xml` file, migrate those settings to the `jgroups.properties` file. Learn more in [Migrating cluster discovery settings](pf_migrate_cluster_discovery_settings.html). ## About this task | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | If you enable dynamic discovery, you must manually configure or synchronize the dynamic discovery properties in the `run.properties` file and `jgroups.properties` file on each node in the cluster. The files aren't synchronized automatically across the nodes in a cluster, nor is it part of the replicate configuration process.Whenever you add a node to the cluster, perform the following procedure on the new node. | To enable and configure dynamic discovery for clustering: ## Steps 1. Configure the cluster protocol properties in the `/pingfederate/bin/run.properties` file. See the file's inline comments and the following table. | Property | Description | | ---------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `pf.operational.mode` | Configure the operational mode of the PingFederate node. The value `CLUSTERED_CONSOLE` denotes an administrative console node. The value `CLUSTERED_ENGINE` denotes a runtime engine node.A PingFederate cluster has only one administrative console node. When you scale your PingFederate infrastructure, set the `pf.operational.mode` property value to `CLUSTERED_ENGINE` to deploy additional PingFederate runtime engine nodes. | | `pf.cluster.tcp.discovery.initial.hosts` | Remove any configured value. No IP addresses are required here. | | `pf.cluster.transport.protocol` | Set the value to `tcp`. | | `pf.cluster.*` | See the inline comments to configure the rest of the `pf.cluster.*` property values. | 2. Configure dynamic discovery properties in the `/pingfederate/bin/jgroups.properties` file. See the file's inline comments and the following tables. | Property | Description | | ---------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `pf.cluster.NATIVE_S3_PING.region_name` | The name of the region in which discovery should be attempted.If no region is specified, only nodes in the same region as this node can be discovered. | | `pf.cluster.NATIVE_S3_PING.bucket_name` | The name of the bucket in your Amazon S3 environment.You can find more information about buckets in the [Create a bucket documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-overview.html) from Amazon. | | `pf.cluster.NATIVE_S3_PING.remove_all_data_on_view_change` | When set to `true` (the default), JGroups cleans up data when it detects a view change.Learn more in [Reliable group communication with JGroups](http://jgroups.org/manual4/index.html). | | `pf.cluster.NATIVE_S3_PING.write_data_on_find` | Default value of `true` resolves the issue where subclusters could fail to merge after a network partition. | | Property | Description | | ------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `pf.cluster.DNS_PING.dns_query` | A DNS query to the DNS Server that obtains information about the cluster members. For example, `jgroups-dns-ping.myproject.svc.cluster.local`.Learn more in [Reliable group communication with JGroups](http://jgroups.org/manual4/index.html). | | Property | Description | | --------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `pf.cluster.AWS_PING.port_number` | The port on which PingFederate listens for cluster communication.The default value is `$\{pf.cluster.bind.port}`, which pulls the value defined by the `pf.cluster.bind.port` property in the `/pingfederate/bin/run.properties` file. | | `pf.cluster.AWS_PING.port_range` | The number of additional ports that PingFederate can probe when attempting to connect to other nodes in the event that it fails to connect to the port specified by the `port_number` property.For example if the `port_number` property is `7600`, a `port_range` property value of `0` means PingFederate will only try to connect at port 7600. If the `port_range` property value is set to `2`, PingFederate will make up to two additional attempts, with the port value increasing by one each time. For example, if PingFederate fails to connect at port 7600, it will try at port 7601. If it fails again, it will try at port 7602.The default value is `0`. | | `pf.cluster.AWS_PING.regions` | A comma-separated list of EC2 regions in which PingFederate will attempt discovery.If no regions are specified, only nodes in the same region as this node can be discovered. List all regions where you have nodes running.You can find more information about regions in the AWS documentation on [Regions, Availability Zones, and Local Zones](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html). | | `pf.cluster.AWS_PING.tags` | A comma-separated list of EC2 tag names.When specified, only EC2 instances that have been assigned with the specified tags can be discovered. If multiple tags are specified, only EC2 instances that have been assigned with all tags can be discovered.You can find more information about tags in the [EC2 resources documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html) in the AWS documentation. | | `pf.cluster.AWS_PING.filters` | A semi-colon separated list of key-value pairs of system metadata.When specified, only EC2 instances that match the specified filters can be discovered. If multiple filters are specified, only EC2 instances that match all filters can be discovered.Note that you can enter a comma-separated list of values for each filter. In this case, a filter is considered a match if one of the values is satisfied. For example, if you enter: `filters="instance-type=t2.small,t2.medium;architecture=x86_64"`, then only EC2 instances that have an `instance-type` of either `t2.small` or `t2.medium` and also an `architecture` of `x86_64` can be discovered.You can find more information about filters in the [describe-instances documentation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/describe-instances.html) from Amazon. | | `pf.cluster.AWS_PING.access_key` and `pf.cluster.AWS_PING.secret_key` | The access key and its secret key for the purpose of querying AWS for EC2 instances.Applicable and required only if permissions to `ec2:Describe*` actions are associated with the access key.Keys can be encrypted using the `obfuscate` utility (`obfuscate.bat` for Windows or `obfuscate.sh` for Linux), located in the `/pingfederate/bin` directory | | `pf.cluster.AWS_PING.log_aws_error_messages` | When set to `true` (the default), error messages received from AWS are logged to the server log. | | Property | Description | | --------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `pf.cluster.SWIFT_PING.auth_type` | The authentication type. | | `pf.cluster.SWIFT_PING.auth_url` | The authentication URL. | | `pf.cluster.SWIFT_PING.username` and `pf.cluster.SWIFT_PING.password` | The security credentials.Password can be encrypted using the `obfuscate` utility (`obfuscate.bat` for Windows or `obfuscate.sh` for Linux), located in the `/pingfederate/bin` directory. | | `pf.cluster.SWIFT_PING.tenant` | The name of your OpenStack Keystone tenant. | | `pf.cluster.SWIFT_PING.container` | The name of the root container.You can find more information about each of the `SWIFT_PING` properties in the JGroups [SWIFT\_PING](http://jgroups.org/manual/index.html#_swift_ping) documentation. | | `pf.cluster.SWIFT_PING.remove_all_data_on_view_change` | When set to `true` (the default), JGroups cleans up data when it detects a view change.Learn more in the JGroups [FILE\_PING](http://jgroups.org/manual/index.html#FILE_PING) documentation. | 3. Start or restart PingFederate. 4. Repeat these steps for each node in the cluster. ## Related links * [Dynamic cluster discovery](pf_dynamic_cluster_discovery.html)