Page created: 1 Nov 2021 |
Page updated: 3 May 2022
For production environments, Ping Identity recommends setting up a cluster of ASE nodes for improved performance and availability.
Note: Enable NTP on each ASE node system. All cluster nodes must be in the same time zone.
To setup an ASE cluster node:
- Navigate to the config directory
- Edit ase.conf file:
enable_cluster=truefor all cluster nodes.
- Confirm that the parameter mode is the same on each ASE cluster node, either inline or sideband. If parameter mode values do not match, the nodes will not form a cluster.
- Edit the cluster.conf file:
- Configure cluster_id with an identical value for all
nodes in a single cluster (for example,
- Enter port number in the cluster_manager_port parameter. ASE node uses this port number to communicate with other nodes in the cluster.
- Enter an IPv4 address or hostname with the port number for peer_node which is the first (or any existing) node in the cluster. Keep peer_node empty for the first cluster node.
- Provide the cluster_secret_key which must be the same in each cluster node. It must be entered on each cluster node before the nodes to connect to each other.
Here is a sample cluster.conf file:
; API Security Enforcer's cluster configuration. ; This file is in the standard .ini format. The comments start with a ; semicolon (;). ; Section is enclosed in  ; Following configurations are applicable only if cluster is enabled ; with true in ase.conf ; unique cluster id. ; valid character class is [ A-Z a-z 0-9 _ - . / ] ; nodes in same cluster should share same cluster id cluster_id=ase_cluster ; cluster management port. cluster_manager_port=8020 ; cluster peer nodes. ; a comma-separated list of hostname:cluster_manager_port or ; IPv4_address:cluster_manager_port ; this node will try to connect all the nodes in this list ; they should share same cluster id peer_node= ; cluster secret key. ; maximum length of secret key is 128 characters (deobfuscated length). ; every node should have same secret key to join same cluster. ; this field can not be empty. ; change default key for production. cluster_secret_key=OBF:AES:nPJOh3wXQWK/BOHrtKu3G2SGiAEElOSvOFYEiWfIVSdu
- Configure cluster_id with an identical value for all nodes in a single cluster (for example,
- After configuring an ASE node, start the node by running the following