Database Security supports running the Database Security Server in a cluster to provide high availability and performance.
Before you set up a cluster between your Database Security Servers, perform the following preliminary steps:
- Install Database Security Server to work with an external database.
- Install additional Database Security Servers on other cluster computers.
NOTE: Select the Internal database during installation.
- Stop all Database Security Servers.
To configure the Database Security Server to work in Cluster mode, perform the following steps:
- Click Start, Run, type explorer, and click OK.
- Navigate to <Server Installation Directory>/conf.
- Rename the file server-cluster-example.xml to server-cluster.xml.
- Right-click the file server-cluster.xml and click Edit.
- Edit the file so it contains information about all servers you intend to use in the cluster, in the following format:
<servers>
<server>
<!-- either ip or host name -->
<host>hostname1</host>
<!-- https listen port of the server -->
<port>8443</port>
<id>0</id>
</server>
<server>
<host>hostname2</host>
<port>8443</port>
<id>1</id>
</server>
</servers>
NOTE: Each server XML element must contain the following fields:
- host: The host name or IP address of the Database Security Server
- port: The https port of the Database Security Server
- id: A unique ID for each server, in the range 0–999
The Database Security Server that has been migrated to work with an external database must be assigned an ID value of 0. The ID mustn't be changed after it's assigned to a server.
- Copy the file <Database_Security_Server_installation_dir>\conf \server-cluster.xml to all servers in the cluster.
- On the server working with an external database, edit your server-custom.properties file located in the <Database_Security_Server_installation_dir>\conf directory. The following optional parameters can be added:
- server.server.address: If the server has different internal and external IP addresses, configure the internal IP address here (as the server sees itself).
Example:
server.server.address=192.168.150.111
- server.cluster.ip.whitelist: A list of IP addresses, which are the only ones allowed to connect to the cluster, separated by semicolons.
Example:
server.cluster.ip.whitelist=127.0.0.1;192.168.150.23
- server.cluster.secret: A shared secret for all computers in the cluster. Each server agrees to receive connect requests only from other servers in the cluster that have the same secret. If not specified, a default internal secret is used.
Example:
server.cluster.secret=mysecret
- server.cluster.keystore: An alternative keystore location, if you want to use a location other than the one in the server.xml file (located in the <McAfee Database Security Server install dir>\conf directory).
Example:
server.cluster.keystore=C:\Program Files\McAfee\server\httpsKeystore\.keystore
- server.cluster.keystore.type: The type of alternative keystore used.
Example:
server.cluster.keystore.type=JKS
- server.cluster.keepalive: The time in milliseconds after which the server assumes that another cluster computer is down, if it hasn't received a connection request from it. The default value is 60,000.
Example:
server.cluster.keepalive=100000
- Copy the server-custom.properties file to all other servers in the cluster.
- Restart all cluster servers.