Setting Cluster Options
- Log into the KeyControl Vault Management webGUI using an account with Domain Admin privileges.
- In the top right, click the Switch to Appliance Management link.
- In the top menu bar, click Cluster.
- Specify the options that you want to use:
Options
Option
Description
Description
A user-defined description for the cluster.
Status
The status of the cluster. If this is Healthy, all KeyControl nodes are functioning normally. If this is Degraded, KeyControl can still serve requests for keys and policies from the associated Policy Agents, but you cannot make changes to the nodes in the cluster.
Group Administrator
The KeyControl administration group to which this cluster belongs. You cannot change this field.
Backup Hosts
The hostnames or IP addresses of systems that are allowed to access the KeyControl backup directory through NFS. (0.0.0.0 means any server can have access.)
Any time you back up KeyControl, it automatically stores the backup file in a folder called /hcs/backup. If you issue an NFS mount command to that directory from another server, you can access any of the backup files. Make sure these backup images are securely stored in case you ever need to restore KeyControl. For details, see KeyControl Network Requirements and KeyControl Backup and Restore.
Backup Over NFS
Whether backup over NFS is enabled. (Default: disabled.)
Cluster Operation Timeout
The amount of time that a KeyControl node waits to receive a response from another KeyControl node. If a response is not received by the specified timeout, the KeyControl cluster goes into degraded mode, which indicates a network connectivity problem.
Enter a value between 1 and 30 seconds. (Default: 5 seconds.)
If a KeyControl cluster frequently switches between degraded state and healthy state, you can increase this timeout. We recommend, however, that you keep the timeout as short as possible.
Note: Typically, network latency is measured in milliseconds. Based on the clusters we have deployed at Amazon, the network latency from Northern California to Oregon was under ~100ms, North Virginia to Oregon was around ~200ms, and Northern California to Ireland was over ~280ms. The values varied based on time of day and the day of the week, but all values were considerably less than 5 seconds. If delays are consistently above 5 seconds, there is a network problem somewhere or a node is down.
Heartbeat Timeout
The number of seconds to wait for a KeyControl heartbeat response between KeyControl nodes in the cluster. If this time is exceeded, the heartbeat fails.
Enter a value between 2 and 15 seconds. (Default: 3 seconds.)
Healthy Interval
The number of seconds between successful KeyControl heartbeats for the cluster to be considered healthy.
Enter a value between 1 and 10 seconds. (Default: 1 second.)
Degraded Interval
The number of seconds between failed KeyControl heartbeats for the cluster to be considered degraded.
Enter a value between 1 and 10 seconds. (Default: 1 second.)
Healthy Threshold
The number of successful consecutive heartbeats that must occur before KeyControl determines that a degraded cluster is now healthy.
Enter an integer between 2 and 10. (Default: 2.)
Degraded Threshold
The number of failed consecutive heartbeats that must occur before KeyControl determines that a healthy cluster is now degraded.
Enter a value between 2 and 10. (Default: 2.)
Any changes you make are communicated to all nodes in the cluster and take effect immediately.
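
The following added example is not part of the KeyControl product or its documentation. It reviews a planned set of cluster options against the ranges and defaults in the table above, and flags a Backup Hosts list that contains 0.0.0.0 while Backup Over NFS is enabled. The snake_case option names, the dictionary layout and the sample values are assumptions made for the example.

```python
import ipaddress

# (min, max, default) for each numeric option, as documented in the options table.
# The snake_case key names are assumptions made for this example.
RANGES = {
    "cluster_operation_timeout": (1, 30, 5),
    "heartbeat_timeout": (2, 15, 3),
    "healthy_interval": (1, 10, 1),
    "degraded_interval": (1, 10, 1),
    "healthy_threshold": (2, 10, 2),
    "degraded_threshold": (2, 10, 2),
}

def is_any_host(entry):
    """True if a Backup Hosts entry is the 0.0.0.0 'any server' value."""
    try:
        return ipaddress.IPv4Address(entry.strip()).is_unspecified
    except ValueError:
        return False  # hostnames are valid entries and never mean 'any server'

def audit_cluster_options(opts):
    """Return (option, finding) pairs for a planned set of cluster options."""
    findings = []
    for name, (lo, hi, default) in RANGES.items():
        value = opts.get(name, default)  # an omitted option keeps its default
        if type(value) is not int or not lo <= value <= hi:
            findings.append((name, f"{value!r} is outside the documented range {lo}-{hi}"))
        elif name == "cluster_operation_timeout" and value > default:
            findings.append((name, f"{value}s exceeds the {default}s default; keep it as short as possible"))
    # Assumption: the host list only matters once Backup Over NFS is enabled.
    if opts.get("backup_over_nfs", False):
        if any(is_any_host(h) for h in opts.get("backup_hosts", [])):
            findings.append(("backup_hosts", "0.0.0.0 lets any server mount /hcs/backup over NFS"))
    return findings

# Constructed sample input, not taken from a real cluster.
PLANNED = {
    "cluster_operation_timeout": 10,
    "heartbeat_timeout": 3,
    "healthy_threshold": 1,
    "backup_over_nfs": True,
    "backup_hosts": ["backup01.example.internal", "0.0.0.0"],
}

if __name__ == "__main__":
    for option, finding in audit_cluster_options(PLANNED):
        print(f"{option}: {finding}")
```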
