Active and passive administrative nodes
PingFederate allows you to create an active admin console and one or more passive backup admin consoles.
The active admin node houses the admin console on which you interact with PingFederate and that governs PingFederate functions.
Passive admin consoles live on alternate server nodes. Their configurations are regularly synchronized to match the configuration of the active admin node.
When passive admin consoles are synchronized, PingFederate copies the changes to configuration and connection files from the active admin console to the passive console nodes, similar to the way replication works. When you promote a passive console to active, it has the same configuration and can seamlessly take over your PingFederate cluster.
Most administrative functions are disabled on passive nodes. The following command line tools are available on passive nodes:
-
calculatehash.sh/.bat -
clusterkey.sh/.bat -
collect-support-data.sh/.bat -
obfuscate.sh/.bat -
logfilter.sh/.bat -
configkeymgr.sh/.bat
The following tools will return incorrect results and should not be used on passive nodes:
-
provmgr.sh/.bat -
hsmpass.sh/.bat -
usercount.sh/.bat
You can manually promote passive nodes to active status using either the user interface or the admin API.
|
You can only have one active admin console at a time in your PingFederate cluster. |