Adding a cluster relationship enables two clusters, a target and a source cluster, to automatically synchronize user keychains. Cluster relationships enable high availability of keychain data among geographically distributed clusters, and facilitate recovery in case of disaster.
Note: This information does not apply to the identity router embedded in RSA Authentication Manager.
Before you begin
- You must be a Super Admin in the Cloud Administration Console.
- At least two clusters must exist in your RSA SecurID Access deployment.
- Each cluster must contain at least one fully configured identity router.
- Each cluster must have high availability (HA) enabled.
- Decide which cluster will be the source cluster, and which will be the target cluster. Consider the following factors.
- During disaster recovery, the target cluster provides recovery data for the source.
- For HA relationships, clusters can be source and target for each other. For bidirectional HA, a second cluster relationship designates cluster B as the source, and cluster A as the target. For unidirectional HA, one cluster relationship designates cluster A as the source cluster, and cluster B as the target cluster.
- In the Cloud Administration Console, click Platform > Clusters.
- Click Cluster Relationships.
- From the Source Cluster drop-down list, select a cluster from which to send keychain data to be synchronized on the target cluster.
- From the Target Cluster drop-down list, select the cluster to receive and synchronize the keychain data locally. The Port field is read-only and displays the listening port on the target cluster.
- In the Timeout field, specify the number of seconds that the source cluster attempts to synchronize with an unresponsive target cluster before failing.
- To add another cluster relationship, click ADD and repeat steps 3 through 5.
- Click Save.
- (Optional) To publish this configuration change and immediately activate it on the identity router, click Publish Changes.