Setting Cluster Options
- Log in to the KeyControl webGUI using an account with Domain Admin privileges.
- In the top menu bar, click Cluster and specify the options you want to use.
Options
Option
Description
Description
A user-defined description for the cluster.
Status
The status of the cluster. If this is Healthy, all KeyControl nodes are functioning normally. If this is Degraded, KeyControl can still serve requests for keys and policies from the associated Policy Agents, but you cannot make changes to the nodes in the cluster.
Group Administrator
The KeyControl administration group to which this cluster belongs. You cannot change this field.
Backup Hosts
The hostnames or IP addresses of systems that are allowed to access the KeyControl backup directory through NFS. (0.0.0.0 means any server can have access.)
Any time you back up KeyControl, it automatically stores the backup file in a folder called /hcs/backup. If you issue an NFS mount command to that directory from another server, you can access any of the backup files. Make sure these backup images are securely stored in case you ever need to restore KeyControl. For details, see KeyControl Backup and Restore.
Cluster Operation Timeout
The amount of time that a KeyControl node waits to receive a response from another KeyControl node. If a response is not received by the specified timeout, the KeyControl cluster goes into degraded mode, which indicates a network connectivity problem.
Enter a value between 1 and 30 seconds. (Default: 5 seconds.)
If a KeyControl cluster frequently switches between degraded state and healthy state, you can increase this timeout. We recommend, however, that you keep the timeout as short as possible.
Note: Typically, network latency is measured in milliseconds. Based on the clusters we have deployed at Amazon, the network latency from Northern California to Oregon was under ~100ms, North Virginia to Oregon was around ~200ms, and Northern California to Ireland was over ~280ms. The values varied based on time of day and the day of the week, but all values were considerably less than 5 seconds. If delays are consistently above 5 seconds, there is a network problem somewhere or a node is down.
Allow Reconnect
If set to Yes, nodes that have been authenticated successfully will, when restarted, attempt to automatically reconnect to the KeyControl cluster. If Check Hardware ID is set to Yes, the hardware check must pass before reconnection is allowed.
If set to No, any KeyControl node that restarts must be manually authenticated by a Domain Admin.
The default is Yes, which is the most permissive. For maximum system security, set this option to No.
Require Authentication Passphrase
If set to Yes, when you instruct a KeyControl node to join or re-join an existing cluster, you must specify a one-time passphrase on the KeyControl node itself. When you then authenticate the new node through the KeyControl webGUI in the existing cluster, you must enter the same passphrase in the webGUI that you entered on the new KeyControl node. This provides an out-of-band assurance that the node is valid and should be allowed to join.
If set to No, no passphrase is required and the node is automatically added to the cluster without any additional verification required.
Important: The default is Yes. We recommend you do not change this option unless your environment has other security measures in place.
Hide Authentication Passphrase
If set to Yes, the authentication passphrase is masked when the Domain Admin enters it in the KeyControl Installation TUI (Text-based User Interface).
If set to No, the authentication passphrase is shown in plain text as the Domain Admin enters it.
The default is No.
Check Hardware ID
If set to Yes, when a KeyControl node attempts to reconnect with the cluster, KeyControl checks a collection of hardware signatures to validate that the node is the same one that was previously disconnected. If the validation fails, the node must be manually authenticated by a Domain Admin.
If set to No, KeyControl does not validate the hardware ID when a node reconnects.
The default is Yes. We recommend you do not change this option without direct guidance from HyTrust support.
Heartbeat Timeout
The number of seconds to wait for a KeyControl heartbeat response between KeyControl nodes in the cluster. If this time is exceeded, the heartbeat fails.
Enter a value between 2 and 15 seconds. (Default: 3 seconds.)
Healthy Interval
The number of seconds between successful KeyControl heartbeats for the cluster to be considered healthy.
Enter a value between 1 and 10 seconds. (Default: 1 second.)
Degraded Interval
The number of seconds between failed KeyControl heartbeats for the cluster to be considered degraded.
Enter a value between 1 and 10 seconds. (Default: 1 second.)
Healthy Threshold
The number of successful consecutive heartbeats that must occur before KeyControl determines that a degraded cluster is now healthy.
Enter an integer between 2 and 10. (Default: 2.)
Degraded Threshold
The number of failed consecutive heartbeats that must occur before KeyControl determines that a healthy cluster is now degraded.
Enter a value between 2 and 10. (Default: 2.)
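The following Python model is an added illustration, not KeyControl code. It replays constructed heartbeat latencies through the Heartbeat Timeout, Healthy Threshold and Degraded Threshold rules described above. The class and function names are hypothetical, and the way KeyControl schedules heartbeats with the interval settings is not modelled.

```python
from dataclasses import dataclass

@dataclass
class ClusterHealthModel:
    """Simplified model of the documented thresholds (assumption, not product code)."""
    heartbeat_timeout: float = 3.0   # seconds, documented default (2..15)
    healthy_threshold: int = 2       # documented default (2..10)
    degraded_threshold: int = 2      # documented default (2..10)
    state: str = "Healthy"
    streak: int = 0                  # consecutive results contradicting the state

    def __post_init__(self):
        if not 2 <= self.heartbeat_timeout <= 15:
            raise ValueError("heartbeat_timeout must be 2..15 seconds")
        for name in ("healthy_threshold", "degraded_threshold"):
            if not 2 <= getattr(self, name) <= 10:
                raise ValueError(f"{name} must be 2..10")

    def observe(self, latency):
        """latency: seconds until the response arrived, or None if none did."""
        ok = latency is not None and latency <= self.heartbeat_timeout
        if ok == (self.state == "Healthy"):
            self.streak = 0          # result agrees with the current state
            return self.state
        self.streak += 1
        needed = (self.degraded_threshold if self.state == "Healthy"
                  else self.healthy_threshold)
        if self.streak >= needed:    # enough consecutive contradictions: flip
            self.state = "Degraded" if self.state == "Healthy" else "Healthy"
            self.streak = 0
        return self.state

def replay(latencies, **options):
    """Feed a latency series through a fresh model and return each state."""
    model = ClusterHealthModel(**options)
    return [model.observe(x) for x in latencies]

def count_transitions(states, start="Healthy"):
    """Count Healthy/Degraded flips, i.e. how often the cluster flapped."""
    previous, changes = start, 0
    for current in states:
        changes += current != previous
        previous = current
    return changes

# Constructed sample: seconds per heartbeat response, None = no response.
FLAKY_LINK = [0.1, None, 0.2, 4.0, None, 0.2, None, 5.5, 0.1, 0.3, None, 0.2, 0.1]
```

With the defaults, the sample flips to Degraded after two consecutive failures and back to Healthy after two consecutive successes; a single missed heartbeat never changes the state.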
Any changes you make are communicated to all nodes in the cluster and take effect immediately.
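The following audit sketch is an added example, not part of the KeyControl product. It checks a recorded copy of the cluster options against the ranges and recommendations in the table above. The dictionary keys, the severity labels and the sample values are assumptions made for this example; KeyControl itself is configured through the webGUI.

```python
# Inclusive ranges taken from the options table above.
RANGES = {
    "cluster_operation_timeout": (1, 30),
    "heartbeat_timeout": (2, 15),
    "healthy_interval": (1, 10),
    "degraded_interval": (1, 10),
    "healthy_threshold": (2, 10),
    "degraded_threshold": (2, 10),
}

def audit(settings):
    """Return (severity, option, message) findings for a settings dict."""
    findings = []
    for key, (low, high) in RANGES.items():
        value = settings.get(key)
        if not isinstance(value, int) or not low <= value <= high:
            findings.append(("error", key, f"{value!r} is outside {low}..{high}"))
    if "0.0.0.0" in settings.get("backup_hosts", []):
        findings.append(("high", "backup_hosts",
                         "0.0.0.0 lets any server mount /hcs/backup over NFS"))
    if not settings.get("require_authentication_passphrase", True):
        findings.append(("high", "require_authentication_passphrase",
                         "nodes join without the out-of-band passphrase check"))
    if not settings.get("check_hardware_id", True):
        findings.append(("high", "check_hardware_id",
                         "reconnecting nodes are not validated by hardware ID"))
    if settings.get("allow_reconnect", True):
        findings.append(("info", "allow_reconnect",
                         "restarted nodes rejoin automatically; No is most secure"))
    if not settings.get("hide_authentication_passphrase", False):
        findings.append(("info", "hide_authentication_passphrase",
                         "passphrase is shown in plain text in the TUI"))
    return findings

# Constructed samples: a weak configuration and a hardened one.
DEFAULT_TIMERS = {"cluster_operation_timeout": 5, "heartbeat_timeout": 3,
                  "healthy_interval": 1, "degraded_interval": 1,
                  "healthy_threshold": 2, "degraded_threshold": 2}
WEAK = {**DEFAULT_TIMERS, "cluster_operation_timeout": 45,
        "backup_hosts": ["0.0.0.0"], "allow_reconnect": True,
        "require_authentication_passphrase": False,
        "check_hardware_id": True, "hide_authentication_passphrase": False}
HARDENED = {**DEFAULT_TIMERS, "backup_hosts": ["backup01.example.internal"],
            "allow_reconnect": False, "require_authentication_passphrase": True,
            "check_hardware_id": True, "hide_authentication_passphrase": True}

if __name__ == "__main__":
    for severity, option, message in audit(WEAK):
        print(f"[{severity}] {option}: {message}")
```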
