Add a Cluster Relationship

Document created by RSA Information Design and Development Employee on Jul 13, 2016Last modified by RSA Information Design and Development Employee on Oct 20, 2020
Version 54Show Document
  • View in full screen mode

Adding a cluster relationship enables two clusters, a target and a source cluster, to automatically synchronize user keychains. Cluster relationships enable high availability of keychain data among geographically distributed clusters, and facilitate recovery in case of disaster.

Note:  This information does not apply to the identity router embedded in RSA Authentication Manager.


Before you begin

  • You must be a Super Admin in the Cloud Administration Console.
  • At least two clusters must exist in your RSA SecurID Access deployment.
  • Each cluster must contain at least one fully configured identity router.
  • Each cluster must have high availability (HA) enabled.
  • Decide which cluster will be the source cluster, and which will be the target cluster. Consider the following factors.
    • During disaster recovery, the target cluster provides recovery data for the source.
    • For HA relationships, clusters can be source and target for each other. For bidirectional HA, a second cluster relationship designates cluster B as the source, and cluster A as the target. For unidirectional HA, one cluster relationship designates cluster A as the source cluster, and cluster B as the target cluster.


  1. In the Cloud Administration Console, click Platform > Clusters.
  2. Click Cluster Relationships.
  3. From the Source Cluster drop-down list, select a cluster from which to send keychain data to be synchronized on the target cluster.
  4. From the Target Cluster drop-down list, select the cluster to receive and synchronize the keychain data locally.
    The Port field is read-only and displays the listening port on the target cluster.
  5. In the Timeout field, specify the number of seconds that the source cluster attempts to synchronize with an unresponsive target cluster before failing.
  6. To add another cluster relationship, click ADD and repeat steps 3 through 5.
  7. Click Save.
  8. (Optional) To publish this configuration change and immediately activate it on the identity router, click Publish Changes.


After publishing, keychain synchronization occurs in the background. Each time keychain credentials in the source cluster are changed, a new synchronize operation updates the target cluster.




Previous Topic:Cluster Relationships
You are here
Table of Contents > Clusters, High Availability, and Backups > Add a Cluster Relationship