The clustering utility improves data replication among cluster members for moderate to large clusters.
bulklastaccess utility: Controls the synchronization of updates to the last access time field of the internal user table. The last access time changes every time a user accesses the PGP Universal Server; for example, when the client contacts the PGP Universal Server to check for policy. Last access time controls the renewal of key signatures, which is important to maintaining the SMSA. This utility is much faster than the usual database synchronization function.
Beginning in PGP Universal Server version 2.8.1, the utility is pre-installed, but must be manually configured. To configure the utility, you must set up SSH keys on all cluster members, so that they can freely communicate with each other. You must also change a preference that will turn off the usual last access time updates.
Caution: The version pre-installed with PGP Universal Server 2.8.1 has been replaced. Click the attachment below to download the most recent version of the utility.
Once the utility is properly configured, you will not need to manage or adjust them.
Configuring the Utility
The utilities connect directly to the database of the primary server and all of the secondary servers using SSH tunnels. Generate an SSH key on the cluster Primary, then copy that public key to all Secondaries.
Only SuperUser administrators, who can access PGP Universal Server through SSH and have SSHv2 keys associated with their accounts, can set up an SSH key for the cluster members. For more information on administrator types and how to upload an SSHv2 key through the GUI, refer to "Managing Administrator Accounts" in the PGP Universal Server Administrator's Guide.
Setting up SSH keys on all cluster members
1. Connect to the Primary PGP Universal Server through an SSH client, using the SSHv2 key associated with your administrator account. 2. Generate a SSH key for the primary server:
ssh root@yourprimaryserver ssh-keygen -t rsa
3. Accept the default values when prompted. 4. Use SSH to copy the Primary's public key file to each Secondary:
You must use the single quotation marks as shown around the cat command.
Note: Adding a PGP Universal Server administrator overwrites the /root/.ssh/authorized_keys file. Save the /root/primary_rsa.pub key, so that you can transfer the Primary's public key to Secondaries again if the key file is overwritten.
Changing the last access time update preference
1. Connect to the Primary PGP Universal Server through an SSH client, using the SSHv2 key associated with your administrator account. 2. Edit the file /etc/ovid/prefs.xml file. Set the cluster-bulk-last-access-updates preference to "true."
This setting turns off the usual last access time update process, and enables the bulklastaccess utility to run instead.
3. Restart the PGP Universal Server to make the change take effect. 4. Repeat this process for each Secondary.