Ensuring PKI Services Manager Availability
PKI Services Manager can support certificate authentication requests from multiple PKI Services Manager client applications. To help ensure that client applications have reliable access to PKI Services Manager certificate authentication services, consider the following approaches:
- Define a round-robin DNS entry for the PKI Services Manager host name, or place the PKI Services Manager host behind a load balancing server.
Note: To support either of the above options, you need to use the same port and same key pair on all PKI Services Manager systems. To ensure that each of your PKI Services Manager servers returns the same validation for all certificates, make sure that all servers have identical trust anchors, configuration settings, and mapping files.
- If you are connecting from a Reflection for Secure IT server for Windows, add multiple instances of PKI Services Manager to the PKI servers list. This configuration helps ensure availability of at least one PKI server, and also balances the load among the available PKI servers.
Note: To ensure that each of your PKI Services Manager servers returns the same validation for all certificates, make sure that all servers have identical trust anchors, configuration settings, and mapping files.
- Configure PKI Services Manager to run in a Microsoft cluster environment.
Note: Although this configuration requires installing PKI Services Manager on Windows computers in a Microsoft cluster, you can use this approach to support PKI Services Manager clients running on any platform. For example, you might install PKI Services Manager in a Microsoft cluster to ensure reliable PKI server availability to Reflection for Secure IT clients and servers running on UNIX hosts.