---
title: Setting up an ASE cluster
description: Complete the following steps to setup an API Security Enforcer (ASE) cluster.
component: pingintelligence
version: 5.2
page_id: pingintelligence:pingintelligence_reference_guide:pingintelligence_start_ase_cluster
canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_reference_guide/pingintelligence_start_ase_cluster.html
revdate: April 3, 2024
section_ids:
  before-you-begin: Before you begin
  about-this-task: About this task
  steps: Steps
  example: Example:
  example-2: Example:
---

# Setting up an ASE cluster

Complete the following steps to setup an API Security Enforcer (ASE) cluster.

## Before you begin

You must:

1. Obtain a list of Internet Protocol (IP) *(tooltip: \<div class="paragraph">
   \<p>The method by which data is sent across the internet from the source host to the destination host.\</p>
   \</div>)* addresses and ports required for ASE cluster nodes.

2. Enable Network Time Protocol (NTP) on your system.

3. Back up the ASE data if you're adding an existing ASE instance to a cluster.

|   |                                                                                                                |
| - | -------------------------------------------------------------------------------------------------------------- |
|   | When a node is added to a cluster, it synchronizes the data from the other nodes and overwrites existing data. |

## About this task

The following diagram provides an overview of the basic steps to setup and start an ASE cluster.

![Flowchart of steps to start an ASE cluster](../_images/hpb1564009004868.png)

To setup an ASE cluster node:

## Steps

1. Go to the `config` directory.

2. Edit the `ase.conf` file:

   1. Set `enable_cluster=true` for all cluster nodes.

   2. Make sure that the value in the parameter `mode` is the same on each ASE cluster node, either `inline` or `sideband`.

      |   |                                                                                   |
      | - | --------------------------------------------------------------------------------- |
      |   | If the value of mode parameter does not match, the nodes will not form a cluster. |

3. Edit the `cluster.conf` file:

   1. Configure `cluster_id` with an identical value for all nodes in a single cluster.

      ### Example:

      `[.parmname]`cluster\_id=`[.option]`shopping\`\`\`\`

   2. Enter the port number in the `cluster_management_port` parameter.

      The ASE node uses this port number to communicate with other nodes in the cluster.. The default port is 8020.

   3. Enter an IPv4 address or host name with the port number for the `peer_node`, which is the first (or any existing) node in the cluster.

      |   |                                                              |
      | - | ------------------------------------------------------------ |
      |   | Keep this parameter empty for the first node of the cluster. |

   4. Provide the obfuscated `cluster_secret_key`.

      All the nodes of the cluster must have the same obfuscated `cluster_secret_key`. You must enter this key manually on each node of the cluster for the nodes to connect to each other.

   5. For the first node of the ASE cluster, `peer_node` should be left empty. On other nodes of the ASE cluster, enter the IP address or the host name of the first cluster in the node in the `peer_node` variable.

      ### Example:

      The following is a sample `cluster.conf` file:

      ```
      ; API Security Enforcer's cluster configuration.
      ; This file is in the standard .ini format. The comments start with a semicolon (;).
      ; Section is enclosed in []
      ; Following configurations are applicable only if cluster is enabled with true in ase.conf
      ; unique cluster id.
      ; valid character class is [ A-Z a-z 0-9 _ - . / ]
      ; nodes in same cluster should share same cluster id
      cluster_id=ase_cluster
      ; cluster management port.
      cluster_manager_port=8020
      ; cluster peer nodes.
      ; a comma-separated list of hostname:cluster_manager_port or IPv4_address:cluster_manager_port
      ; this node will try to connect all the nodes in this list
      ; they should share same cluster id
      peer_node=
      ; cluster secret key.
      ; maximum length of secret key is 128 characters (deobfuscated length).
      ; every node should have same secret key to join same cluster.
      ; this field cannot be empty.
      ; change default key for production.
      cluster_secret_key=OBF:AES:nPJOh3wXQWK/BOHrtKu3G2SGiAEElOSvOFYEiWfIVSdummoFwSR8rDh2bBnhTDdJ:7LFcqXQlqkW9kldQoFg0nJoLSojnzHDbD3iAy84pT84
      ```

4. After configuring an ASE node, start the node by running the following command:

   ```
   /opt/pingidentity/ase/bin/start.sh
   ```