When joining one Encryption Management Server to another to create a cluster, do the following:
- Ensure that each server can resolve the name and IP address of the other using nslookup. Ensure that both forward and reverse name lookups are configured correctly. In other words, a command like nslookup keys.example.com returns the IP address of keys.example.com, and nslookup 10.0.0.2 returns the name keys.example.com.
- Ensure that the network interface (by default Interface 1) of each server has an SSL certificate associated with it.
- Ensure that each server trusts the SSL certificate of the other. To do this, ensure that the issuing certificates are listed in the administration console under Keys / Trusted Keys and trusted for SSL.
- In the administration console of the sponsor, navigate to System / Clustering.
- Click on the Add button to add the name of the joiner server. Always use the FQDN and not the IP address.
- In the administration console of the joiner, navigate to System / Clustering.
- Click on the Join Cluster button and add the FQDN of the sponsor (not its IP address).
- On the sponsor server, click the Contact button.
- The database of the sponsor is exported and replicated to the joiner where it is imported. Depending on the size of the database this may take some time.
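The name checks in the steps above (FQDN rather than IP address, and forward and reverse lookups that agree) can be scripted before attempting the join. The following is an added example, not part of the product or of the original article; the function names and the second host (keys2.example.com, old-host.example.com, 10.0.0.3) are constructed for illustration, and the default resolvers use whatever DNS the machine running the script is configured with.

```python
import ipaddress
import socket

def dns_forward(name):
    """IPv4 addresses the system resolver returns for name."""
    return set(socket.gethostbyname_ex(name)[2])

def dns_reverse(ip):
    """Primary name plus aliases the system resolver returns for ip."""
    primary, aliases, _ = socket.gethostbyaddr(ip)
    return {primary, *aliases}

def norm(name):
    return name.rstrip(".").lower()

def check_peer(entry, forward=dns_forward, reverse=dns_reverse):
    """Return a list of problems for one cluster peer entry; empty means OK."""
    try:
        ipaddress.ip_address(entry)
        return [f"{entry}: is an IP address; use the FQDN"]
    except ValueError:
        pass  # not an IP literal, so treat it as a host name
    if "." not in entry.strip("."):
        return [f"{entry}: not fully qualified"]
    try:
        addrs = forward(entry)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return [f"{entry}: forward lookup failed ({exc})"]
    problems = []
    for ip in sorted(addrs):
        try:
            names = {norm(n) for n in reverse(ip)}
        except OSError as exc:  # socket.herror: no PTR record
            problems.append(f"{ip}: reverse lookup failed ({exc})")
            continue
        if norm(entry) not in names:
            problems.append(f"{ip}: reverse lookup returns {sorted(names)}, not {entry}")
    return problems

# Constructed sample zone so the check can be exercised without a DNS server.
FWD = {"keys.example.com": {"10.0.0.2"}, "keys2.example.com": {"10.0.0.3"}}
REV = {"10.0.0.2": {"keys.example.com."}, "10.0.0.3": {"old-host.example.com"}}

if __name__ == "__main__":
    for peer in ("keys.example.com", "keys2.example.com", "10.0.0.2"):
        print(peer, check_peer(peer, FWD.__getitem__, REV.__getitem__) or "OK")
```

To test real servers, call check_peer with only the FQDN, once from the sponsor for the joiner's name and once from the joiner for the sponsor's name.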
You may find that although the cluster join seems to work, in the administration console of the sponsor, the status of the joiner reverts to Pending.