
Cluster settings

This page lists the different node settings to apply to an Axway Decision Insight (DI) cluster, depending on whether you have a primary/replica (PR) cluster or a high availability (HA) cluster. 

General configuration

Regarding PR clusters

Configuring SSO or LDAP on replica nodes (RN) has no effect as authentication is only done on the primary node (PN).

Default protocol/cipher suite

By default, TLS communication is configured to use the TLSv1.2 protocol and the TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher suite.

Parameter Default value Description

com.systar.electron.type

STANDALONE

Node type:

  • STANDALONE
  • PRIMARY
  • REPLICA
  • HA 

com.systar.electron.host

no default value, must be configured

Host / IP of the PN, as seen in the internode communication network.

com.systar.electron.port

9010

Communication port used for:

  • session sharing
  • redolog production
  • checkpoint transfer
  • distributed computing

com.systar.electron.ha.host

no default value, must be configured for HA node

Host / IP of the HA Main node, as seen in the internode communication network.

com.systar.electron.ha.token

no default value, must be configured for HA node

Security token used to access the HA API.

com.systar.calcium.maxLag

2 seconds

In milliseconds. Threshold used to define whether an RN is correctly synchronized or late compared to the PN.

Possible units are: seconds, minutes. If omitted, the scalar is evaluated as milliseconds.

com.systar.calcium.ha.maxLag

1 minutes

In milliseconds. Threshold used to define whether an HA backup node is correctly synchronized or late compared to the main node.

Possible units are: seconds, minutes. If omitted, the scalar is evaluated as milliseconds.

com.systar.krypton.distributedcomputing.primaryComputingEnable

true

(Only for the PN)

Activates the distributed computing feature on this primary. Set to false to deactivate distributed computing on that node.

com.systar.krypton.distributedcomputing.replicaComputingEnable

true

(Only for RN(s))

Activates the distributed computing feature on this replica. Set to false to deactivate distributed computing on that node.

com.systar.krypton.distributedcomputing.startExecutionTimeout

1 minutes

(Only for the PN)

Timeout in seconds that the PN waits for a computing to start on an RN before executing the computing locally.

Possible units are: seconds, minutes, hours, days. If omitted, the scalar is evaluated as seconds.

com.systar.krypton.distributedcomputing.executorSize

0

Maximum number of threads available for distributed computing on distributed nodes (RN, or PN if seen as a distributed node).

If the value is equal to 0, the number of threads is equal to the number of cores of the computer.

com.systar.electron.tls.enabled

false

Activate TLS to secure communications between primary and replicas.

com.systar.electron.tls.keystore.keyPassword

no default value

Keystore key password. Must be configured on primary and replica if TLS is enabled.

com.systar.electron.tls.keystore.type

JKS


Keystore type (JKS or PKCS12). Must be configured on primary and replica if TLS is enabled.

com.systar.electron.tls.keystore.location

no default value


Keystore location. Must be configured on primary and replica if TLS is enabled.

com.systar.electron.tls.keystore.password

no default value

Keystore password. Must be configured on primary and replica if TLS is enabled.

com.systar.electron.tls.truststore.type

JKS


Truststore type (JKS or PKCS12). Must be configured on primary and replica if TLS is enabled.

com.systar.electron.tls.truststore.location

no default value


Truststore location. Must be configured on primary and replica if TLS is enabled.

com.systar.electron.tls.truststore.password

no default value

Truststore password. Must be configured on primary and replica if TLS is enabled.

PR configuration

To activate a PR cluster, you must install at least 2 DI nodes, and ensure one of them is of type Primary, and the other of type Replica. 

Parameter Primary node value Replica node value

com.systar.electron.type

PRIMARY

REPLICA 

HA configuration

To activate an HA cluster, you must install at least 2 DI nodes, and ensure one of them is acting as Main node while the second is acting as Backup node.

Parameter Main node value Backup node value

com.systar.electron.type

HA

HA

com.systar.electron.host

Host / IP of the local host (main)

Host / IP of the local host (backup)

com.systar.electron.ha.host

Host / IP of the remote host (backup)

Host / IP of the remote host (main)

com.systar.electron.ha.token

Password of your choice

Password of your choice

An HA node always starts as backup. Use the Switch backup to main procedure to activate the main node.

Secure cluster communications

Primary/Replica and HA Main/Backup communications can be encrypted.

When encryption is enabled, mutual authentication is activated for security purposes, so that:

  • The producer node (primary or HA main) authenticates the consumer nodes that connect to it
  • The consumer nodes (replicas or HA backup) check the endpoint identification (producer node)

This mutual authentication is done using keystores and truststores on both sides.

The KeyStore Manager tool can be easily used to generate keystores and truststores.

Configuration

The following are the configuration requirements:

  • All nodes must have a truststore and a keystore.
  • The Subject Alternative Name (SAN) used for the producer node must match the electron hostname used on consumer nodes; a verification is done.

Here is an example of how to generate truststores and keystores with KeyStore Manager:

Truststores are parameterized with a CA certificate. This CA certificate is also used to validate all the keys.

  KeyStore Manager commands
ksm createCA ADI-CA -password changeit
ksm createHostKey -ca ADI-CA -password changeit myprimary -dns myprimary.mydomain.com
ksm createHostKey -ca ADI-CA -password changeit myreplica -dns myprimary.mydomain.com
ksm exportHostKey -ca ADI-CA -password changeit -format JKS -exportpassword changeit myprimary 
ksm exportHostKey -ca ADI-CA -password changeit -format JKS -exportpassword changeit myreplica


Then copy the corresponding truststore and keystore into the conf directory of each node and update the platform.properties file as shown below:

  HA configuration - platform.properties
com.systar.electron.type=HA
com.systar.electron.host=myha.mydomain.com
com.systar.electron.tls.enabled=true
com.systar.electron.tls.keystore.location=${com.systar.platform.conf.dir}/myha_keystore.jks
com.systar.electron.tls.keystore.password=changeit
com.systar.electron.tls.keystore.keyPassword=changeit
com.systar.electron.tls.truststore.location=${com.systar.platform.conf.dir}/ADI-CA_truststore.jks
com.systar.electron.tls.truststore.password=changeit

  Primary configuration - platform.properties
com.systar.electron.type=PRIMARY
com.systar.electron.host=myprimary.mydomain.com
com.systar.electron.tls.enabled=true
com.systar.electron.tls.keystore.location=${com.systar.platform.conf.dir}/myprimary_keystore.jks
com.systar.electron.tls.keystore.password=changeit
com.systar.electron.tls.keystore.keyPassword=changeit
com.systar.electron.tls.truststore.location=${com.systar.platform.conf.dir}/ADI-CA_truststore.jks
com.systar.electron.tls.truststore.password=changeit

  Replica configuration - platform.properties
com.systar.electron.type=REPLICA
com.systar.electron.host=myprimary.mydomain.com
com.systar.electron.tls.enabled=true
com.systar.electron.tls.keystore.location=${com.systar.platform.conf.dir}/myreplica_keystore.jks
com.systar.electron.tls.keystore.password=changeit
com.systar.electron.tls.keystore.keyPassword=changeit
com.systar.electron.tls.truststore.location=${com.systar.platform.conf.dir}/ADI-CA_truststore.jks
com.systar.electron.tls.truststore.password=changeit
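
The settings and TLS requirements on this page can be checked before a node is started. The Python linter below is an added example, not Axway code: `parse_properties`, `lint` and the `producer_sans` argument are hypothetical names, and the SAN comparison (replica nodes only, exact case-insensitive match against a list the caller extracts from the producer certificate) is an assumption. It also reports the `changeit` password used in the examples as a value to replace.

```python
P = "com.systar.electron."
REQUIRED_TLS = ["keystore.location", "keystore.password", "keystore.keyPassword",
                "truststore.location", "truststore.password"]

# Constructed sample: the page's replica settings with truststore.password left out.
SAMPLE_REPLICA = """\
com.systar.electron.type=REPLICA
com.systar.electron.host=myprimary.mydomain.com
com.systar.electron.tls.enabled=true
com.systar.electron.tls.keystore.location=${com.systar.platform.conf.dir}/myreplica_keystore.jks
com.systar.electron.tls.keystore.password=changeit
com.systar.electron.tls.keystore.keyPassword=changeit
com.systar.electron.tls.truststore.location=${com.systar.platform.conf.dir}/ADI-CA_truststore.jks
"""

def parse_properties(text):
    """Parse simple key=value lines; '#' and '!' start comments."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split("=", 1) for l in lines if l and l[0] not in "#!" and "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def lint(text, producer_sans=None):
    """Return findings for one node's platform.properties (hypothetical helper)."""
    p, out = parse_properties(text), []
    ntype = p.get(P + "type", "STANDALONE")  # default per the settings table
    if ntype not in ("STANDALONE", "PRIMARY", "REPLICA", "HA"):
        return [f"unknown node type {ntype!r}"]
    if ntype == "STANDALONE":
        return out  # no inter-node link to secure
    required = ["host"] + (["ha.host", "ha.token"] if ntype == "HA" else [])
    out += [f"electron.{k} is not set" for k in required if not p.get(P + k)]
    if p.get(P + "tls.enabled", "false").lower() != "true":  # TLS is off by default
        return out + ["tls.enabled is false: inter-node traffic is not encrypted"]
    for k in REQUIRED_TLS:
        value = p.get(P + "tls." + k)
        if not value:
            out.append(f"tls.{k} is not set")
        elif k.lower().endswith("password") and value == "changeit":
            out.append(f"tls.{k} still uses the documentation password")
    out += [f"tls.{s}.type must be JKS or PKCS12" for s in ("keystore", "truststore")
            if p.get(P + f"tls.{s}.type", "JKS") not in ("JKS", "PKCS12")]
    # Assumption: exact, case-insensitive match; producer_sans is supplied by the caller.
    host = p.get(P + "host", "").lower()
    if ntype == "REPLICA" and producer_sans is not None:
        if host not in [s.lower() for s in producer_sans]:
            out.append(f"electron.host {host!r} is not a SAN of the producer certificate")
    return out
```

Run on the HA example above, it reports that com.systar.electron.ha.host and com.systar.electron.ha.token are missing, which the settings table requires for an HA node.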
