Digital Vault Cluster (High Availability)

In addition to the system requirements listed in Digital Vault Server, you must also apply the requirements listed below for cluster environments.

CyberArk Digital Cluster Vault server for Windows

The minimum requirements for the CyberArk Digital Cluster Vault Server are as follows:

Requirement

Description

Operating system

  • Windows 2019

  • Windows 2016

Servers

You can install the Vault as a standalone installation on virtual machines and use virtual availability solutions offered by various vendors.

Only a physical installation of a Cluster Vault is supported.

Both nodes must have the same amount of physical memory.

If the two nodes do not have the same amount of physical memory, update the innodb_log_file_size parameter in the my.ini file of the second node and specify the same value as in the first node.

Both nodes must be connected directly via a private network or cross-over cable.

  • Both nodes in the cluster must be installed in the same data center.
  • This network must contain only the Vault Cluster machines in order to keep the Vault Cluster isolated and secure.

Shared storage that supports the SCSI3 protocol.

  • CyberArk recommends using SAN with Fibre channel, which is faster and more reliable.
  • Use GPT and MBR disks, not dynamic disks.
  • Multipath I/O (MPIO) is supported for shared storage.

Quorum disk

Multipath I/O (MPIO) for the Quorum disk is supported only in the Failover Only policy mode (active/passive). All other MPIO policies are not supported.

Setting the policy mode to a non-supported mode will lead to Vault database corruption and will require re-installation of the cluster.

NIC configuration for the private network

You must use crossover cables for the private network. Only NIC Teaming in an Active-Passive configuration is allowed. For more information about configuring NIC teaming, see https://docs.microsoft.com/en-us/windows-server/networking/technologies/nic-teaming/create-a-new-nic-team.

NIC teaming in load balancing mode is not allowed.

Each Vault Cluster server must have only one static IP, in the same subnet as the virtual IP.

The clocks on both nodes must be synchronized.

Mandatory protocols

WMI - The Cluster Vault Manager uses WMI to mount shared partitions and for quorum communication.
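
The Servers requirement above says that when the two nodes differ in physical memory, innodb_log_file_size in the second node's my.ini must be set to the first node's value. The following is an added example, not CyberArk code, that compares that setting across copies of the two files. It assumes the parameter sits in a [mysqld] section and uses the MySQL size suffixes K, M and G; the sample file contents are constructed.

```python
import re

UNITS = {"": 1, "K": 1024, "M": 1024**2, "G": 1024**3}

def parse_size(text):
    """Convert a MySQL size such as '512M' or '536870912' to bytes."""
    m = re.fullmatch(r"(\d+)([KMG]?)", text.strip().upper())
    if not m:
        raise ValueError(f"unrecognized size value: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def innodb_log_file_size(ini_text):
    """Return innodb_log_file_size in bytes from [mysqld], or None if unset."""
    section, value = None, None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld" or "=" not in line:  # assumed section name
            continue
        key, _, val = line.partition("=")
        # MySQL treats '-' and '_' in option names as equivalent.
        if key.strip().lower().replace("-", "_") == "innodb_log_file_size":
            val = val.split("#", 1)[0].strip().strip("\"'")
            value = parse_size(val)              # last occurrence wins
    return value

def compare_nodes(node1_ini, node2_ini):
    """Return MATCH, MISMATCH, or MISSING for the two nodes' settings."""
    a = innodb_log_file_size(node1_ini)
    b = innodb_log_file_size(node2_ini)
    if a is None or b is None:
        return "MISSING"
    return "MATCH" if a == b else "MISMATCH"

# Constructed sample my.ini contents, not taken from a real Vault.
NODE1 = "[mysqld]\n# first node\ninnodb_log_file_size=512M\n"
NODE2_OK = "[mysqld]\ninnodb-log-file-size = 536870912  # same value in bytes\n"
NODE2_BAD = "[mysqld]\ninnodb_log_file_size=256M\n"

if __name__ == "__main__":
    print("node2 (ok): ", compare_nodes(NODE1, NODE2_OK))
    print("node2 (bad):", compare_nodes(NODE1, NODE2_BAD))
```

A MISSING result means at least one file does not set the parameter explicitly, so the comparison cannot confirm that the nodes match.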