KeyControl Nodes and Clusters

When you install KeyControl, the process creates a KeyControl node that can operate on its own or be joined with other KeyControl nodes to form an active-active cluster. These nodes can be installed in different geographic locations, but they must be able to communicate with each other and with the Policy Agent installed on the encrypted servers associated with the cluster.

All KeyControl nodes in a cluster share configuration settings, keys, and policy information. Changes made on one node are automatically synced to all nodes in the cluster through an encrypted object store. This provides a failover mechanism in case a KeyControl node becomes unreachable.

The KeyControl nodes constantly exchange heartbeats to verify that every node in the cluster is reachable. If all nodes respond to the heartbeats, the cluster is considered "healthy". If one or more nodes stop responding for a given length of time, the cluster is considered "degraded". If a cluster is degraded, the active KeyControl nodes can still serve requests for keys and policies from the associated Policy Agents, but you cannot make changes to the nodes in the cluster.

The heartbeat interval and status thresholds are user-configurable for the cluster. For details, see Setting Cluster Options.