About Controller Clusters
Cluster settings are located on the Manage > Cluster: Cluster Settings page.
Clusters simplify the process of configuring multiple controllers for large deployments or high-availability deployments. They also enable you to share a pool of licenses across Client Accelerator endpoints, where, even if one controller uses all its installed licenses or one controller fails, the license pool remains available.
Before adding a controller to a cluster, ensure that these items are in place:
• Base licenses are pooled among all cluster members; therefore, you must install the same set of base licenses on all cluster members: for example, CIFS, MAPI, SSL, and so forth. For details on managing Client Accelerator licenses, see
Maintaining Client Accelerator Controller. • Ensure that SSL trust can be established between all controllers in the cluster. Generally, this trust is done by sharing the Signing CA certificate of cluster members. Prior to joining the cluster, you can export the existing signing CA, including the private key for the controller. For details on exporting signing CAs, see
To export an existing certificate. • Import the signing CA and private key of the other cluster members to the controller. Prior to joining the cluster, you must replace (import) the existing signing CA, including the private key, for the controllers in the cluster (one file in PEM or PKCS12 format
). For details on replacing (importing) existing signing CAs, see
To replace a Client Accelerator signing CA. • The controller you want to add has valid IP address or a fully qualified domain name, and it has connectivity to the other cluster members.
Using clusters, endpoints can connect to any controller in a cluster and have the same configuration and administrative experience because policies and other controller configuration settings are synchronized across the cluster. You can configure cluster-wide settings on any cluster member, and these settings propagate across the cluster. However, node-specific settings must be configured locally on each controller in the cluster.
Peering certificates can be clustered, but the Signing CA and other settings under SSL are node-specific. Other node-specific settings include the Client Accelerator hostname and IP address.
A controller connects to a cluster in steps. First it sends a request to join the cluster to any existing cluster member. If accepted, it begins the process of joining a cluster. Settings of the controller joining the cluster are deleted during the joining process, and the joining controller synchronizes its configurations with that of the cluster. When the connection process finishes and synchronization is complete, the controller is a cluster member. This table describes the different connection status indicators:
Status | Description |
Joining | The controller is joining a cluster member. |
Connecting | The controller is connecting to a cluster member. |
Connected, Syncing | The controller is connected to a cluster member and is configuring its settings to match the cluster’s settings. |
Connected, Synced | The controller is connected to a cluster member and has finished changing its settings to match the cluster’s settings. |
Disconnected | The controller can’t connect with the specified cluster member. |
Disconnected, Denied | The cluster member is actively denying connections to the local controller. |
For clusters with more than three nodes, we recommend that you don’t use less than 2 GB for the size of the data partition.
After you join a cluster, the configuration settings on the controller are replaced by those shared in the cluster. When you change shared settings on your controller, those changes propagate through the cluster. This table lists features shared cluster members:
Feature | Description |
Policies | All policy settings propagate throughout the cluster. |
Packages | Packages created on any member controller are available to all endpoints and controllers in the cluster. |
Assignments and Group Settings | All group assignments and settings propagate throughout the cluster. |
Adapter List | List of available interfaces. |
Endpoint Reports | The Endpoint reports for any cluster member shows all endpoints connected to the cluster. You can also enable aggregated statistics across cluster members on the Cluster page. For details, see
Enabling aggregated statistics across cluster members. |
License Pooling | Base licenses must be installed on each controller in the cluster. Cluster members share licenses. |
Peering Certificates | Establishes a trust relationship for the SSL peering certificates of all controllers in the cluster. |
Port Labels | Port labels created on any member controller are available to all endpoints and controllers in the cluster. |
Monitored Ports | Monitored port configuration settings made on any member controller are applied to all endpoints and controllers in the cluster. |