User guide

CHAPTER 7

Clusters

•

Joining a Cluster on page 27

•

Deploying a Cluster in a Secure Access FIPS Environment on page 28

Joining a Cluster

Joining a cluster involves using both the admin console and serial console. To join a

cluster:

1. If you have not already done so, define and initialize a cluster

If you are currently running stand alone appliances that you want to cluster, we

recommend that before you create a cluster, you first configure system and user

settings on one machine. After doing so, use the same machine to create the cluster.

This machine joins the cluster as part of the creation process. When other Secure

Access devices join the cluster, this machine propagates its configuration to the new

cluster member.

2. Before you can add an appliance to a cluster, you need to make its identity known to

the cluster.

3. Join the appliance to the cluster through the admin console or through the serial

console.

•

When joining a node to a cluster using the serial console, you are prompted for the

cluster keystore’s restore password. If the restore password fails, enter 9 to select

FIPS Option and then enter 1 to select Complete import of keystore and server

certificates.

When a cluster is created on a node, the node’s keystore becomes the cluster’s

keystore. Any node joining the cluster must import the cluster’s keystore. You need

the current keystore restore password to do this.

4. When you see the message confirming that the machine has joined the cluster, click

the System > Clustering > Cluster Status tab in the admin console of any active cluster

member.

5. When all nodes have exited from the “Transitioning” state, connect to the serial console

of each node that has a non-CL license and enter 9 to select FIPS Options and then

1 to select Complete import of keystore and server certificates.

6. Enter the cluster keystore restore password.