Managing Secure Access Node from a Cluster

Table 88 describes the information displayed on the Status tab and the various management tasks you can perform including disabling, enabling, and removing a Secure Access device node from a cluster.

Table 88: Cluster Status Page Information

User Interface Element

Description

Status Information

Displays the cluster name, type, configuration, internal VIP, and external VIP for an active/passive cluster.

Add Members

Specifies a device to add the cluster. You must perform this step for device systems you intend to add to the cluster. By clicking this button, you can add multiple nodes at the same time.

Enable

Adds a node that was previously disabled. When you add a node, all stated information is synchronized on the node.

Disable

Disables a node within the cluster. The node retains awareness of the cluster, but does not participate in state synchronizations or receive user requests unless members sign in to the node directly.

Remove

Removes the selected node or nodes from the cluster. Once removed, the node runs in standalone mode.

Fail-Over VIP

Fails over the VIP to the other node in the active/passive cluster. This option is enabled only if cluster is configured as Active/passive.

Member Name

Lists all nodes belonging to the cluster. You can click a node to modify its name and network settings.

Internal Address

Shows the internal IP address of the cluster member using Classless Interdomain Routing (CIDR) notation.

External Address

Shows the external IP address of the cluster member using CIDR notation. Note that this column only shows the external IP address of the cluster leader unless you specify a different address for the node on its individual network settings page, which is accessible by clicking its name in the Member Name column. If you change the external IP address on the Network > Network Settings page, the change affects all cluster nodes.

Status

Shows the current state of the node:

  • Green light/enabled—The node is handling user requests and participating in cluster synchronization.
  • Yellow light/transitioning—The node is joining cluster or a FIPS node has joined a cluster but the cluster’s key store remains to be imported onto the node's HSM.
  • Red light/disabled—The node is not handling user requests or participating in cluster synchronization.
  • Red light/enabled, unreachable—The node is enabled, but due to a network issue, it cannot be reached.

The current state of the node (light color) does not reflect failures in the external interface connectivity. Such failures are logged as events.

Note: A node’s state is considered “standalone” when it is deployed outside of a cluster or after being removed from a cluster.

Notes

Shows the status of the node’s connection to the cluster:

  • OK—The node is actively participating in the cluster.
  • Transitioning—The node is switching from the standalone state to the enabled state.
  • Unreachable—The node is not aware of the cluster. A cluster member may be “unreachable” even when it is online and can be pinged. Possible reasons include:
    • Password is incorrect.
    • It does not know about all cluster nodes.
    • It is configured with a different group communication mode.
    • It is running a different service package version.
    • The machine is turned off.

Sync Rank

Specifies the synchronization order for nodes when rejoining a cluster. Accepts sync ranks from 0 (lowest rank) to 255 (highest rank). The highest rank takes precedence. Where two nodes have identical sync ranks, the alpha-numeric rank of the member name is used to determine precedence.

Note: This option is available only with a Central Manager license.

Update

Updates the sync rank after you change the precedence of the nodes in the Sync Rank column.

Related Documentation