High Availability (HA)

The Cloud Extender® supports High Availability configuration for the Certificate Integration module. Configure multiple instances of the Cloud Extender with the same certificate template for Active-Active HA configuration.

HA configuration for Certificate Integration module involves importing the same certificate on all active Cloud Extenders in the HA cluster.

The IBM® MaaS360® Portal balances the load for generating certificates and renewal requests among the active Cloud Extenders by using a round-robin method. The following diagram illustrates HA configuration with two Cloud Extenders:
High Availability for certificates

If you must enable certificate caching for a multiple Cloud Extender setup, the certificate storage path must be a common file share that both Cloud Extenders can write to and share. Even though certificates that are stored on the network share are encrypted with Cloud Extender template level passwords, you can restrict further access to this file share to a specific service account. You can then run the Cloud Extenders for Certificate Integration as that service account by using the Advanced mode from the Cloud Extender Configuration Tool.