Setting up an ASE cluster (optional) - PingIntelligence for APIs

Setting up an ASE cluster (optional) - PingIntelligence for APIs - 5.2

PingIntelligence

bundle

pingintelligence-52

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.2 (Latest)

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-52

pingintelligence

private

ContentType_ce

For production environments, Ping Identity recommends setting up a cluster of ASE nodes for improved performance and availability.

Enable network time protocol (NTP) on each ASE node system. All cluster nodes must be in the same time zone.

To set up an ASE cluster node:

Navigate to the config directory.
Edit the ase.conf file:
1. Set enable_cluster=true for all cluster nodes.
2. Confirm that the parameter mode is the same on each ASE cluster node, either inline or sideband.
  
  Note:
  If parameter mode values do not match, the nodes will not form a cluster.

Edit the cluster.conf file:

Configure cluster_id with an identical value for all nodes in a single cluster (for example: cluster_id=shopping).
Enter the port number in the cluster_manager_port parameter.

Note:
ASE node uses this port number to communicate with other nodes in the cluster.
Enter an IPv4 address or hostname with the port number for peer_node, which is the first (or any existing) node in the cluster. Keep peer_node empty for the first cluster node.
Provide the cluster_secret_key, which must be the same in each cluster node. It must be entered on each cluster node before the nodes to connect to each other.

Below is a sample cluster.conf file:

; API Security Enforcer's cluster configuration.
; This file is in the standard .ini format. The comments start with a 
; semicolon (;).
; Section is enclosed in []
; Following configurations are applicable only if cluster is enabled 
; with true in ase.conf
; unique cluster id.
; valid character class is [ A-Z a-z 0-9 _ - . / ]
; nodes in same cluster should share same cluster id
cluster_id=ase_cluster

; cluster management port.
cluster_manager_port=8020

; cluster peer nodes.
; a comma-separated list of hostname:cluster_manager_port or 
; IPv4_address:cluster_manager_port
; this node will try to connect all the nodes in this list
; they should share same cluster id
peer_node=

; cluster secret key.
; maximum length of secret key is 128 characters (deobfuscated length).
; every node should have same secret key to join same cluster.
; this field can not be empty.
; change default key for production.
cluster_secret_key=OBF:AES:nPJOh3wXQWK/BOHrtKu3G2SGiAEElOSvOFYEiWfIVSdu

After configuring an ASE node, start the node by running the following command:
```
/opt/pingidentity/ase/bin/start.sh
```