
Configure Clustering

Using a Server Cluster

You can configure PKI Services Manager to run in a Microsoft cluster environment. The Microsoft cluster service helps ensure that applications that require certificate validation services have continuous access to PKI Services Manager, even if one computer within the cluster becomes unavailable.

To run in a cluster, you install the PKI Services Manager on multiple nodes, and create a cluster group. This group defines shared resources that can be used by any node in the group. For PKI Services Manager, these shared resources include a shared disk; the PKI Services Manager IP address and DNS name; and the PKI Services Manager service. At any given time, only one node has ownership of the shared resources. If that node fails, the PKI Manager service is started on a different node and that node takes over the shared resources.

[Figure: cluster]

In the cluster above, if the PKI Manager service fails on Node 1, Node 2 acquires the shared resources and the service is started on the new node. At this point, Node 1 no longer has access to resources within the group. PKI Services Manager continues to run using the same configuration, so no change is apparent to clients establishing a new connection.

Note

Any active connections to PKI Services Manager are disconnected when a failover occurs.

Configuring a PKI Services Manager Cluster

To configure a cluster, you must be running the server in a Microsoft cluster environment. The Microsoft cluster service is required to manage access to shared resources.

  1. Install the PKI Services Manager on each node of your cluster.
  2. Stop the service if it is running. For cluster configuration, the service should not be running until after the cluster is correctly configured.

To complete configuring the cluster

  1. Open the Microsoft cluster management tool.
  2. Create a cluster group for PKI Services Manager.
  3. Add the following items to the PKI Services Manager cluster group.

    • Physical Disk - Location of the PKI Services Manager data folder
    • IP Address - The IP address used by the server.
    • Network Name - The host name used by the server.
  4. Add the PKI Services Manager service to the cluster group using the following settings:

    • Resource Type - Generic Service
    • Generic Service Parameters - Set service name equal to: Micro Focus Reflection PKI Services Manager and enable this setting: Use network name for computer name
    • Dependencies - Add the following resources: Physical Disk, IP Address, Network Name
    • Registry Replication - Add this HKEY_LOCAL_MACHINE key: SOFTWARE\Micro Focus\ReflectionPKI.
  5. If you are running Windows 2008, follow these steps to ensure that incorrect parameters are not added to the PKI Services Manager service startup command.

    a. On the computer you are using to configure the cluster, open a command window as an administrator. (Start > All Programs > Accessories, right-click Command Prompt > Run as administrator.)
    b. Enter the following command: cluster res "Micro Focus Reflection PKI Services Manager" /priv
    c. If any startup parameters are configured, enter the following to clear the parameters: cluster res "Micro Focus Reflection PKI Services Manager" /priv StartupParameters=""
    d. Repeat step b to verify that there are now no startup parameters configured.

Configure PKI Services Manager

  1. Open the PKI Services Manager console on the active node of your cluster group.
  2. From the File menu, select Set Data Folder.
  3. Select Use custom.
  4. Set Data folder to a local folder on the shared physical disk you have set up as part of your cluster group, select Enable fail-over cluster support, and click OK.

    If you have existing settings, you can elect to have these settings copied over automatically to any new location that doesn't already have PKI Services Manager settings present.

  5. Configure any additional PKI Services Manager settings you want for the server.

  6. Check to be sure that no files or folders configured for use by PKI Services Manager reside on any individual node in your cluster. This ensures that files accessed by users will remain available after a failover. All locally required files should be in the specified base directory. This includes the certificate store, keys, configuration file, map files, and OCSP certificates (if used).

  7. After the cluster is correctly configured, start the service: either from the console or using the Microsoft cluster management tool.
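
The check in step 6 can be automated. The following is an added example, not part of the product documentation: a Python check that applies Windows path rules to flag configured locations that resolve outside the shared data folder and would therefore stay behind on one node after a failover. The folder, the file names, and the rule that relative paths resolve against the data folder are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any platform


def _norm(path):
    # Collapse "." and "..", unify slashes, and fold case as Windows does.
    return ntpath.normcase(ntpath.normpath(path))


def paths_left_on_node(data_folder, configured):
    """Return {label: path} for entries that resolve outside data_folder.

    Assumption: relative paths are resolved against the data folder.
    """
    base = _norm(data_folder)
    offenders = {}
    for label, path in configured.items():
        resolved = _norm(ntpath.join(data_folder, path))
        try:
            # Component-wise comparison, so "S:\PKIData-old" is not
            # mistaken for a child of "S:\PKIData".
            inside = ntpath.commonpath([base, resolved]) == base
        except ValueError:
            # Different drive letter or UNC share: cannot be under data_folder.
            inside = False
        if not inside:
            offenders[label] = path
    return offenders


# Constructed sample values, not taken from a real installation.
SHARED_DATA_FOLDER = "S:\\PKIData"
SAMPLE = {
    "certificate store": "S:\\PKIData\\store",
    "configuration file": "s:/pkidata/config/settings.cfg",
    "map file": "maps\\users.map",
    "keys": "C:\\ProgramData\\pki\\keys",
    "OCSP certificate": "..\\ocsp\\responder.cer",
    "old store": "S:\\PKIData-old\\store",
}

if __name__ == "__main__":
    for label, path in paths_left_on_node(SHARED_DATA_FOLDER, SAMPLE).items():
        print(f"not on shared data folder: {label}: {path}")
```

Any entry it reports should be moved under the data folder on the shared disk before the service is started in step 7.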