Configure a PKI Services Manager Cluster
To configure a cluster, you must be running the server in a Microsoft cluster environment. The Microsoft cluster service is required to manage access to shared resources.
Install PKI Services Manager on each node of your cluster
- Install PKI Services Manager.
- Stop the service if it is running.
Note: For cluster configuration, the service should not be running until after the cluster is correctly configured.
- Repeat this on every node that you want to include in your cluster.
Configure the cluster
- Open the Microsoft cluster management tool (Failover Cluster Management in Windows 2008 or Cluster Administrator in Windows 2003).
- Create a cluster group for PKI Services Manager.
- Add the following items to the PKI Services Manager cluster group.
| Resource Type | Description |
|---|---|
| Physical Disk | Location of the PKI Services Manager data folder. |
| IP Address | The IP address used by the server. |
| Network Name | The host name used by the server. |
- Add the PKI Services Manager service to the cluster group using the following settings:
| Settings | Values |
|---|---|
| Resource Type | Generic Service |
| Generic Service Parameters | Set service name equal to: Attachmate Reflection PKI Services Manager. Enable this setting: Use network name for computer name. |
| Dependencies | Add the following resources: Physical Disk, IP Address, Network Name. |
| Registry Replication | Add this HKEY_LOCAL_MACHINE key: SOFTWARE\Attachmate\ReflectionPKI (If your nodes are 64-bit systems, the key should be SOFTWARE\Wow6432Node\Attachmate\ReflectionPKI.) |
- Do this step only if you are running Windows 2008. It ensures that incorrect parameters are not added to the PKI Services Manager service startup command.
  a. On the computer you are using to configure the cluster, open a command window as an administrator. (Start > All Programs > Accessories, right-click Command Prompt > Run as administrator.)
  b. Enter the following command:
     cluster res "Attachmate Reflection PKI Services Manager" /priv
  c. If any startup parameters are configured, enter the following to clear the parameters:
     cluster res "Attachmate Reflection PKI Services Manager" /priv StartupParameters=""
  d. Repeat step b to verify that there are now no startup parameters configured.
Configure PKI Services Manager
- Open the PKI Services Manager console on the active node of your cluster group.
- From the File menu, select Set Data Folder.
- Select Use custom.
- Set Data folder to a local folder on the shared physical disk you have set up as part of your cluster group, select Enable fail-over cluster support, and click OK.
Note: If you have existing settings, you can elect to have these settings copied over automatically to any new location that doesn't already have PKI Services Manager settings present.
- Configure any additional PKI Services Manager settings you want for the server.
- Check to be sure that no files or folders configured for use by PKI Services Manager reside on any individual node in your cluster. This ensures that files accessed by users will remain available after a failover. All locally required files should be in the specified base directory. This includes the certificate store, keys, configuration file, map files, and OCSP certificates (if used).
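The checks described above (service stopped, registry key to replicate, data folder on the shared disk) can be scripted per node. This is an added example, not code from the product or its vendor. The parameter names, the `S:` drive letter and the `S:\PKIData` path are placeholders to replace with your own values, and the script matches the service by either its name or its display name because the page does not say which one the string is.

```powershell
# Added example: per-node pre-flight check before bringing the service online.
# Run in a 64-bit PowerShell session so registry paths are not redirected.
param(
    # Assumption: the folder chosen under File > Set Data Folder (placeholder path).
    [string]$DataFolder = 'S:\PKIData',
    # Assumption: drive letter of the cluster group's Physical Disk resource.
    [string]$SharedDrive = 'S:'
)

$serviceLabel = 'Attachmate Reflection PKI Services Manager'   # name given on this page
$regKeys = @(
    'HKLM:\SOFTWARE\Attachmate\ReflectionPKI',
    'HKLM:\SOFTWARE\Wow6432Node\Attachmate\ReflectionPKI'
)
$problems = @()

# 1. The service must stay stopped until the cluster is configured.
$svc = Get-Service | Where-Object { $_.Name -eq $serviceLabel -or $_.DisplayName -eq $serviceLabel }
if (-not $svc) {
    $problems += "Service '$serviceLabel' not found on $env:COMPUTERNAME"
} elseif ($svc.Status -ne 'Stopped') {
    $problems += "Service is $($svc.Status); stop it before configuring the cluster"
}

# 2. Report which key exists so the Registry Replication setting matches this node.
$present = @($regKeys | Where-Object { Test-Path $_ })
if ($present.Count -eq 0) {
    $problems += 'Neither ReflectionPKI registry key exists on this node'
} else {
    $present | ForEach-Object { Write-Output "Registry key present: $_" }
}

# 3. The data folder must be on the shared physical disk, not on a node-local drive.
$qualifier = Split-Path -Path $DataFolder -Qualifier
if ($qualifier -ne $SharedDrive) {   # -ne on strings is case-insensitive
    $problems += "Data folder $DataFolder is on $qualifier, expected shared disk $SharedDrive"
} elseif (-not (Test-Path $DataFolder)) {
    # The shared disk is only mounted on the node that currently owns it.
    Write-Output 'Data folder not reachable from this node (normal unless this is the active node)'
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "Pre-flight checks passed on $env:COMPUTERNAME"
```

Run it on every node before starting the service; a non-zero exit code means at least one check failed.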
Start PKI Services Manager
After the cluster is correctly configured, start the service:
| To use | Do this |
|---|---|
| The PKI Services Manager console | Open the console on the active node and start the server (Server > Start). |
| The Microsoft cluster management tool | Bring the PKI Services Manager service online. |