
Primary/Replica settings

General configuration

Configuring SSO or LDAP on replica nodes (RN) has no effect as authentication is only done on the primary node (PN).

Default protocol/cipher suite

By default, TLS communication is configured to use the TLSv1.2 protocol and the TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher suite.

Parameter Default value Description

com.systar.electron.type

STANDALONE

Node type:

  • STANDALONE
  • PRIMARY
  • REPLICA

com.systar.electron.host

no default value, must be configured

Host / IP of the PN, as seen in the internode communication network.

com.systar.electron.localhost

no default value

Host / IP of the RN, as seen in the internode communication network.

No value means all interfaces.

com.systar.electron.port

9010

Communication port used for:

  • redolog production
  • checkpoint transfer
  • distributed computing

com.systar.electron.cache.primary.port

9030

Session sharing/replication relies on an active/active cache, one of whose ports is defined here:

  • The PN listens on this port for incoming requests from RNs.
  • RNs require this setting for contacting the PN.

com.systar.electron.cache.replica.port

9030

Session sharing/replication relies on an active/active cache, one of whose ports is defined here:

  • The PN doesn't need this setting.
  • The RNs require this setting in order to stay in contact with the PN.

The default value matches the port on the primary server (except when the primary and replica nodes are collocated on the same server for demo purposes).

com.systar.electron.cache.communication.port

9000

Session sharing/replication relies on an active/active cache, one of whose ports is defined here.
Both primary and replica nodes require this setting and listen for requests on this port.
Change this value if several nodes are collocated on the same server (for demo purposes).

com.systar.calcium.maxLag

2000

In milliseconds. Threshold used to define if an RN is correctly synchronized or late compared to the PN.

com.systar.krypton.distributedcomputing.primaryComputingEnable

true

(Only for the PN)

Activates the distributed computing feature on this primary. Set to false to deactivate distributed computing on that node.

com.systar.krypton.distributedcomputing.replicaComputingEnable

true

(Only for RN(s))

Activates the distributed computing feature on this replica. Set to false to deactivate distributed computing on that node.

com.systar.krypton.distributedcomputing.startExecutionTimeout

60

(Only for the PN)

Timeout in seconds the PN waits for the start of a computing on an RN before executing the computing locally.

com.systar.krypton.distributedcomputing.executorSize

0

Maximum number of threads available for distributed computing on distributed nodes (RN, or PN if seen as a distributed node).

If the value is equal to 0, the number of threads is equal to the number of cores of the computer.

com.systar.electron.tls.enabled

false

Activate TLS to secure communications between primary and replicas.

com.systar.electron.tls.keystore.keyPassword

no default value

Keystore key password.

Must be configured on primary and replica if TLS is enabled.

com.systar.electron.tls.keystore.type

JKS

Keystore type (JKS or PKCS12).

Must be configured on primary and replica if TLS is enabled.

com.systar.electron.tls.keystore.location

no default value

Keystore location.

Must be configured on primary and replica if TLS is enabled.

com.systar.electron.tls.keystore.password

no default value

Keystore password.

Must be configured on primary and replica if TLS is enabled.

com.systar.electron.tls.truststore.type

JKS

Truststore type (JKS or PKCS12).

Must be configured on primary and replica if TLS is enabled.

com.systar.electron.tls.truststore.location

no default value

Truststore location.

Must be configured on primary and replica if TLS is enabled.

com.systar.electron.tls.truststore.password

no default value

Truststore password.

Must be configured on primary and replica if TLS is enabled.

Secure Primary/Replica communications

Primary/Replica communications can be encrypted.

When encryption is enabled, mutual authentication is activated for security purposes, so that:

  • The primary node authenticates the replica nodes that connect to it.
  • The replica nodes check the endpoint identification (primary node).

This mutual authentication is done using keystores and truststores on both sides.

The KeyStore Manager tool can be used to generate keystores and truststores.

Configuration

The following are the configuration requirements:

  • Replicas and Primary must each have a truststore and a keystore.
  • The Subject Alternative Name (SAN) used for the PN must match the electron hostname used on RNs; a verification is done.

Here is an example of how to generate truststores and keystores with KeyStore Manager:

Truststores are parametrized with a CA certificate. This CA certificate is also used to validate all the keys.

  KeyStore Manager commands

ksm createCA ADI-CA -password changeit
ksm createHostKey -ca ADI-CA -password changeit myprimary -dns myprimary.mydomain.com
ksm createHostKey -ca ADI-CA -password changeit myreplica -dns myprimary.mydomain.com
ksm exportHostKey -ca ADI-CA -password changeit -format JKS -exportpassword changeit myprimary
ksm exportHostKey -ca ADI-CA -password changeit -format JKS -exportpassword changeit myreplica


Then copy the corresponding truststore and keystore into the conf directory of each node and update the platform.properties file as shown below:

  Primary configuration - platform.properties

com.systar.electron.type=PRIMARY
com.systar.electron.host=myprimary.mydomain.com
com.systar.electron.tls.enabled=true
com.systar.electron.tls.keystore.location=${com.systar.platform.conf.dir}/myprimary_keystore.jks
com.systar.electron.tls.keystore.password=changeit
com.systar.electron.tls.keyPassword=changeit
com.systar.electron.tls.truststore.location=${com.systar.platform.conf.dir}/ADI-CA_truststore.jks
com.systar.electron.tls.truststore.password=changeit

  Replica configuration - platform.properties

com.systar.electron.type=REPLICA
com.systar.electron.host=myprimary.mydomain.com
com.systar.electron.tls.enabled=true
com.systar.electron.tls.keystore.location=${com.systar.platform.conf.dir}/myreplica_keystore.jks
com.systar.electron.tls.keystore.password=changeit
com.systar.electron.tls.keyPassword=changeit
com.systar.electron.tls.truststore.location=${com.systar.platform.conf.dir}/ADI-CA_truststore.jks
com.systar.electron.tls.truststore.password=changeit
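
The configuration requirements above can be checked on a node's platform.properties before the node is started. The following Python check is an added example, not part of Decision Insight or of the original page; the function names, the finding messages, the constructed sample file and the choice to accept both spellings of the key-password property that appear on this page are assumptions.

```python
REQUIRED_IF_TLS = [
    "com.systar.electron.tls.keystore.location",
    "com.systar.electron.tls.keystore.password",
    "com.systar.electron.tls.truststore.location",
    "com.systar.electron.tls.truststore.password",
]
# The page spells the key-password property two ways; accepting either is an assumption.
KEY_PASSWORD_NAMES = [
    "com.systar.electron.tls.keystore.keyPassword",
    "com.systar.electron.tls.keyPassword",
]
SAMPLE_PASSWORD = "changeit"  # placeholder used in the page's sample commands

# Constructed input: a replica file with a short host name and no truststore.
SAMPLE_REPLICA = """\
com.systar.electron.type=REPLICA
com.systar.electron.host=myprimary
com.systar.electron.tls.enabled=true
com.systar.electron.tls.keystore.location=${com.systar.platform.conf.dir}/myreplica_keystore.jks
com.systar.electron.tls.keystore.password=changeit
com.systar.electron.tls.keyPassword=changeit
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and #/! comments."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.partition("=") for l in lines if l and l[0] not in "#!")
    return {k.strip(): v.strip() for k, _, v in pairs}

def lint_node(props, primary_sans):
    """Findings for one PRIMARY/REPLICA node; primary_sans = DNS names in the PN certificate."""
    findings = []
    host = props.get("com.systar.electron.host", "")
    if not host:
        findings.append("com.systar.electron.host is not set")
    if props.get("com.systar.electron.tls.enabled", "false").lower() != "true":
        return findings + ["TLS disabled: primary/replica traffic is not encrypted"]
    missing = [k for k in REQUIRED_IF_TLS if not props.get(k)]
    if not any(props.get(k) for k in KEY_PASSWORD_NAMES):
        missing.append(KEY_PASSWORD_NAMES[0])
    findings += [f"{k} is required when TLS is enabled" for k in missing]
    findings += [f"{k} still uses the sample password"
                 for k, v in props.items() if v == SAMPLE_PASSWORD]
    # Exact, case-insensitive comparison; wildcard and IP SANs are not handled here.
    if host and host.lower() not in [s.lower() for s in primary_sans]:
        findings.append(f"host {host} is not a SAN of the PN certificate")
    return findings
```

Calling lint_node(parse_properties(SAMPLE_REPLICA), ["myprimary.mydomain.com"]) reports the two missing truststore properties, the two passwords left at the sample value, and the host name that does not match the SAN.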
