---
title: Start ASE cluster
description: To setup an ASE cluster, the following four steps must be completed:
component: pingintelligence
version: 5.1
page_id: pingintelligence:api_security_enforcer:pingintelligence_start_ase_cluster
canonical_url: https://docs.pingidentity.com/pingintelligence/5.1/api_security_enforcer/pingintelligence_start_ase_cluster.html
revdate: April 3, 2024
---

# Start ASE cluster

To set up an ASE cluster, complete the following four steps:

![Image of steps to start an ASE cluster](../../5.2/_images/hpb1564009004868.png)

**Pre-requisites**

1. Obtain the list of IP addresses and ports required for the ASE cluster nodes.

2. Enable NTP on your system.

3. If adding an existing ASE instance to a cluster, back up the ASE data first. When a node is added to a cluster, it synchronizes the data from the other nodes and overwrites existing data.

**To set up an ASE cluster node:**

1. Navigate to the `config` directory.

2. Edit the `ase.conf` file:

   1. Set `enable_cluster=true` for all cluster nodes.

   2. Make sure that the value of the `mode` parameter is the same on each ASE cluster node, either `inline` or `sideband`. If the value of the `mode` parameter does not match, the nodes will not form a cluster.

3. Edit the `cluster.conf` file:

   1. Configure `cluster_id` with an identical value for all nodes in a single cluster (for example, `cluster_id=shopping`).

   2. Enter the port number in the `cluster_manager_port` parameter (the default port is 8020). The ASE node uses this port to communicate with other nodes in the cluster.

   3. Enter an IPv4 address or hostname with the port number for the `peer_node`, which is the first (or any existing) node in the cluster. Keep this parameter empty for the first node of the cluster.

   4. Provide the obfuscated `cluster_secret_key`. All the nodes of the cluster must have the same obfuscated `cluster_secret_key`. This key must be entered manually on each node of the cluster for the nodes to connect to each other.

   5. For the first node of the ASE cluster, `peer_node` should be left empty. On other nodes of the ASE cluster, enter the IP address or the hostname of the first node in the cluster in the `peer_node` variable.

Here is a sample `cluster.conf` file:

```
; API Security Enforcer's cluster configuration.
; This file is in the standard .ini format. The comments start with a semicolon (;).
; Section is enclosed in []
; Following configurations are applicable only if cluster is enabled with true in ase.conf
; unique cluster id.
; valid character class is [ A-Z a-z 0-9 _ - . / ]
; nodes in same cluster should share same cluster id
cluster_id=ase_cluster
; cluster management port.
cluster_manager_port=8020
; cluster peer nodes.
; a comma-separated list of hostname:cluster_manager_port or IPv4_address:cluster_manager_port
; this node will try to connect all the nodes in this list
; they should share same cluster id
peer_node=
; cluster secret key.
; maximum length of secret key is 128 characters (deobfuscated length).
; every node should have same secret key to join same cluster.
; this field cannot be empty.
; change default key for production.
cluster_secret_key=OBF:AES:nPJOh3wXQWK/BOHrtKu3G2SGiAEElOSvOFYEiWfIVSdummoFwSR8rDh2bBnhTDdJ:7LFcqXQlqkW9kldQoFg0nJoLSojnzHDbD3iAy84pT84
```
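The consistency rules in the steps above (matching `mode`, `cluster_id` and `cluster_secret_key`, `enable_cluster=true`, and an empty `peer_node` only on the first node) can be checked across nodes before anything is started. The following is an added example, not part of Ping Identity's documentation or tooling: the function names and sample values are constructed, and it assumes obfuscated keys carry the `OBF:` prefix shown in the sample file.

```python
import re

def parse_conf(text):
    """Parse ASE-style key=value text; ';' starts a comment, [..] is a section."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue
        key, _, value = line.partition("=")  # value may itself contain '='
        conf[key.strip()] = value.strip()
    return conf

def check_cluster(nodes):
    """nodes: list of (name, ase.conf text, cluster.conf text), first node first."""
    findings = []
    parsed = [(n, parse_conf(a), parse_conf(c)) for n, a, c in nodes]
    # Values that must be identical on every node for the cluster to form.
    for key, src in (("mode", 1), ("cluster_id", 2), ("cluster_secret_key", 2)):
        if len({p[src].get(key, "") for p in parsed}) > 1:
            findings.append(f"{key} differs between nodes")
    for i, (name, ase, clu) in enumerate(parsed):
        if ase.get("enable_cluster") != "true":
            findings.append(f"{name}: enable_cluster is not true")
        if ase.get("mode") not in ("inline", "sideband"):
            findings.append(f"{name}: mode must be inline or sideband")
        if not re.fullmatch(r"[A-Za-z0-9_./-]+", clu.get("cluster_id", "")):
            findings.append(f"{name}: cluster_id is empty or has invalid characters")
        # Assumption: obfuscated values carry the OBF: prefix seen in the sample.
        if not clu.get("cluster_secret_key", "").startswith("OBF:"):
            findings.append(f"{name}: cluster_secret_key is empty or not obfuscated")
        peers = [p.strip() for p in clu.get("peer_node", "").split(",") if p.strip()]
        if i == 0 and peers:
            findings.append(f"{name}: first node must leave peer_node empty")
        if i > 0 and not peers:
            findings.append(f"{name}: peer_node must name an existing node")
        for p in peers:
            if not re.fullmatch(r"[A-Za-z0-9.-]+:\d{1,5}", p):
                findings.append(f"{name}: peer_node entry {p!r} is not host:port")
    return findings

# Constructed sample input (placeholder values, not real keys or hosts).
ASE = "enable_cluster=true\nmode=inline\n"
FIRST = ("cluster_id=shopping\ncluster_manager_port=8020\n"
         "peer_node=\ncluster_secret_key=OBF:AES:EXAMPLE\n")
SECOND = FIRST.replace("peer_node=", "peer_node=192.0.2.10:8020")
BAD = SECOND.replace("shopping", "shop ping").replace("OBF:AES:EXAMPLE", "plaintext")

if __name__ == "__main__":
    bad_ase = ASE.replace("inline", "sideband")
    for finding in check_cluster([("node1", ASE, FIRST), ("node2", bad_ase, BAD)]):
        print(finding)
```

An empty result means the files agree on every rule checked here; it does not confirm that the nodes can reach each other on the cluster port.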

After configuring an ASE node, start the node by running the following command:

```
/opt/pingidentity/ase/bin/start.sh
```
