Configuring HyTrust KeyControl in a HA Cluster

Now that you have you deployed and configured your first KeyControl appliance. You can continue with setting up KeyControl in a High Availability (HA) cluster. In order to do this, we’ll need to deploy a second KeyControl appliance into the environment. The following steps assume you have already deployed and configured the primary KeyControl appliance covered in my previous blog post here: HyTrust Quick Install Guide

Set up HyTrust KeyControl in an HA configuration

As before, after you have powered on the second KeyControl appliance you’ll need to specify a new password, then press enter on your keyboard.

Since this is the second KeyControl node that will be added, press Y on your keyboard, then press enter.

Enter the IP address or hostname of the primary KeyControl appliance, then press Enter.

Enter a 16 character passphrase, select OK, then press enter on your keyboard.
NOTE: This passphrase will only be used to initially authenticate the cluster. This passphrase will be hashed out in the WebGUI when trying to authenticate.

You’ll see the following screen on the secondary KeyControl console prompting you to move over to the primary KeyControl’s WebGUI to complete the clustering process. At this point, I’d recommend you place your web browser and KeyControl appliance side by side (example shown below) so you can see what the process actually looks like as you authenticate on the HTML5 WebGUI. Let’s continue.

Assuming you are already logged into the primary WebGUI ( in my example), Click on the cluster button that is displaying the number “1” inside the orange plug, then select the secondary node that is showing as a Join Pending state from the list so that it’s highlighted, click the Actions drop-down button, then click on Authenticate.

Enter the 16 character passphrase you specified earlier in the console, then click the Authenticate button.

In the console window, you’ll start to see the authentication and clustering process. In the WebGUI, you’ll see the cluster button display the number 2 inside the red x and the secondary node as unreachable. This process will take between 30 – 60 seconds. Just be patient.

When the process is complete, log out of the console window. On the WebGUI, you’ll see the number 2 displayed inside a green heart, indicating a healthy cluster. However, your secondary node may still show unreachable. Simply click on the Refresh button on the upper right-hand corner to refresh the page.

That’s it! You now have a health HyTrust KeyControl HA cluster sitting in an active\active state.

Leave a Reply