Configuring Clustering for Load Balancing and Failover

Depending on your network topology, you might want to use the special separator characters together to suit more complex configuration scenarios. For example, you might configure the maximum of three tiers for your cluster, but support load balancing within each tier. To illustrate this scenario, you might have appliances with the following IP addresses:

  • First tier: 192.168.1.2:192.168.1.3
  • Second tier: 192.168.1.4:192.168.1.5
  • Third tier: 192.168.1.6:192.168.1.7

When configuring communication for these tiers, you would specify the addresses and tiers like this:

192.168.1.2:192.168.1.3|192.168.1.4:192.168.1.5|192.168.1.6:192.168.1.7

This example would be translated to the following key server instances:

KMIP_IP.1=192.168.1.2:192.168.1.3 KMIP_IP.2=192.168.1.4:192.168.1.5 KMIP_IP.3=192.168.1.6:192.168.1.7

The connectors will always try to connect to the appliances in the first tier, distributing the workload to both the 192.168.1.2 and 192.168.1.3 appliances. If the appliance with the IP address 192.168.1.2 goes down, all connector traffic is routed to the appliance with the IP address 192.168.1.3. The connector will continue to use only the appliances in the first tier as long as there are appliances available in that tier. If no appliances are available in the first tier—that is, both 192.168.1.2 and 192.168.1.3 become unavailable—the connector will try to connect to the appliances in the second tier.

In most cases, the appliances in different tiers are configured in separate sites, so that appliances in the first tier are closest in the network topology to the client computer—in this case, the connectors—to ensure the best performance. Appliances in the second and third tiers might be in remote sites where the performance is poorer but are only used as a matter of last resort if no appliances in the primary tier are available.

Because clustering support is implemented using the SafeNet KeySecure client libraries, you should refer to your KeySecure documentation for additional information about configuring an appliance cluster.