Clustering
Clusters define a collection of servers that operate as if they were a single machine. A cluster pair is used to refer to a cluster of two units and a multiunit cluster refers to a cluster of more than two units. Once two or more units are joined in a cluster, they act as one unit.
The following figure shows two ISA series devices deployed as a cluster pair:
Access management framework supports two types of clusters:
•Load balancing clusters or active/active clusters
•Failover clusters or active/passive clusters
Ivanti recommends using standalone nodes or clusters of a maximum of 2 nodes behind a load balancer.
Ivanti Security Appliance (ISA)/ISA-V does not support clusters containing more than two nodes for ICS
Cluster Configuration
In the course of setting up user configuration on A/A or A/P cluster nodes, if the ICS admin imports the user binary configuration on the leader node, and if you sync to the non-leader nodes, regardless of the configurations present in the user binary. It is recommended to use the "cluster restart service option" to ensure that all processes and components on both nodes launch correctly with the new configuration.
Workaround
Delete and add the connection profile. This operation causes dsagentd to refresh the connection profile data again, once the dsagentd is updated with new information it works correctly, and a service restart is recommended. If a connection profile is added, deleted, or modified during cluster use, it is noticed that dsagentd automatically reloads the connection profile accurately across all nodes.
- After initial cluster setup and config sync, restart the service.
- No need to restart the service if changes are made via GUI on the leader node.
- In a split cluster rejoining:
- Without config changes: no service restart needed.
- With config changes: service restart recommended.
For details about the configuration, various deployment scenarios, reports, etc. refer to the Clustering Configuration Guide .