The configuration includes setting the pa.operational.mode property on each node. Do not modify this property until directed to do so.

  1. Install PingAccess on each cluster node.
Perform steps 2-7 for the administrative node.
  1. Open conf/run.properties in an editor and change the pa.operational.mode value to CLUSTERED_CONSOLE.
  2. Start PingAccess.
  3. Create and assign a new key pair for the CONFIG QUERY listener.
    1. Click Security and then go to Key Pairs.
    2. Click + Add Key Pair.
    3. In the Alias field, enter a unique alias for the key pair.
    4. In the Common Name field, enter the DNS name of the administrative node.
    5. Optional: If you plan to use a replica administrative node in the cluster, enter both the DNS name of the replica administrative node and the DNS name of the administrative node in the Subject Alternative Names, or configure as a wildcard certificate.
      Note:

      You can use an IP address as the common name or in the subject alternative names, as long as those values are used in the administrative node fields on the Administrative Nodes configuration page.

    6. In the Organization field, enter the organization or company name creating the certificate.
    7. Optional: In the Organization Unit, City, and State fields, enter additional details about the organization.
    8. In the Country field, enter the country where the organization operates.
    9. In the Valid Days field, enter the number of days that the certificate is valid.
    10. In the Key Algorithm section, select an algorithm, then select a Key Size and Signature Algorithm.
    11. Click Save.
    12. Click Security and then go to Key Pairs.
    13. Click the Pencil icon, then click Assign HTTPS Listener for the key pair.
    14. Use the drop-down list to select the CONFIG QUERY HTTPS listener.
    15. Click Save.
  4. Configure the administrative node settings.
    1. Click Settings and then go to Clustering > Administrative Nodes.
    2. In the Host field in the Primary Administrative Node section, define the primary administrative node as a host:port pair.

      The host must be a resolvable DNS name for the node or the node's IP address. The port is the TCP port PingAccess listens to for the administrative interface. The default port is 9090.

  5. Create and assign a new key pair for the ADMIN listener.
    1. Click Security and then go to Key Pairs.
    2. Click + Add Key Pair.
    3. In the Alias field, enter a unique alias for the key pair.
    4. In the Common Name field, enter the DNS name of the administrative node.
    5. Optional: Subject Alternative Names, or configure as a wildcard certificate.
      Note:

      You can use an IP address as the common name or in the subject alternative names, as long as those values are used in the administrative node fields on the If you plan to use a replica administrative node in the cluster, enter both the DNS name of the replica administrative node and the DNS name of the administrative node in the Administrative Nodes window.

    6. In the Organization field, enter the organization or company name creating the certificate.
    7. Optional: In the Organization Unit, City, and State fields, enter additional details about the organization.
    8. In the Country field, enter the country where the organization operates.
    9. In the Valid Days field, enter the number of days that the certificate is valid.
    10. In the Key Algorithm section, select an algorithm, then select a Key Size and Signature Algorithm.
    11. Click Save.
    12. Click Security and then go to Key Pairs.
    13. Click the PencilIf you plan to use a replica administrative node in the cluster, enter icon, then click Assign HTTPS Listener for the key pair.
    14. From the drop-down list, select the ADMIN HTTPS listener.
    15. Click Save.
  6. Restart PingAccess.
Perform steps 8-11 for the replica administrative node, if one has been configured.
  1. Configure the replica administrative node settings.
    1. Click Settings and then go to Clustering > Administrative Nodes.
    2. In the Host field in the Replica Administrative Node section, define the replica administrative node as a host:port pair.

      The host must be a resolvable DNS name for the node or the node's IP address. The port is the TCP port PingAccess listens to for the administrative interface. The default port is 9090.

    3. In the Replica Administrative Node Trusted Certificate dropdown, select the key pair created in step 4.
    4. Click Save & Download to download the replica administrative node configuration file.
    5. Copy the replica1_data.zip file to the replica administrative node.
      Note:

      If you add a replica administrative node after you deploy the cluster, you must update the configuration for each engine node.

  2. Extract replica1_data.zip in the PA_HOME directory.
  3. Open conf/run.properties in an editor and change the pa.operational.mode value to CLUSTERED_CONSOLE_REPLICA
  4. Start PingAccess on the replica administrative node.
For each engine node, perform steps 12-18.
  1. Click Settings and then go to Clustering > Engines.
  2. Click Add Engine.
  3. After defining the engine's parameters, click Save & Download to download the engine configuration zip file.
  4. Copy <engine_name>_data.zip to the engine node.
  5. On the engine node, extract <engine_name>_data.zip in the <PA_HOME> directory.
  6. On the engine node, open conf/run.properties in an editor and change the pa.operational.mode value to CLUSTERED_ENGINE.
  7. Start PingAccess on the engine node.

Go to Settings > System > Clustering to check your cluster's status. If everything is configured properly, the cluster engine nodes and optional replica administrative node should show a green status icon, indicating that the cluster is operational.

You can optionally configure each node to run PingAccess as a service set to automatically run when the node is started. For more information about configuring PingAccess as a service, see the installation documentation.