# Setting up a Cyberark HA Vault Cluster - Part 1 Implementing a Cyberark High Availability (HA) Vault cluster is crucial for large organizations to ensure seamless and uninterrupted access to privileged account management. This robust setup minimizes downtime by providing failover capabilities, thereby enhancing operational continuity and security. Moreover, the HA architecture ensures data integrity and protection against single points of failure, safeguarding sensitive credentials and reducing the risk of breaches. Ultimately, Cyberark HA Vault clusters are vital for maintaining the resilience and efficiency of enterprise security infrastructures. This is the first of a series of 4 articles in which we'll be implementing a solid HAVault Cluster instance in a demo lab. Our demo project will require some storage and network pre-installation according with next diagram: {{< image src="images/architecture1.webp" caption="High Level Design" >}} {{< admonition note "Prepare the Network Infrastructure" >}} According with [Cyberark Documentation](https://docs.cyberark.com/pam-self-hosted/14.0/en/Content/PAS%20INST/Digital-Vault-cluster-introduction.htm?tocpath=Installation%7CInstall%20PAM%20-%20Self-Hosted%7CCyberArk%20Digital%20Vault%20installation%7CIntroduction%20to%20Digital%20Vault%20installation%7C_____3) We need to prepare a specific Network Infrastructure configuration. Basically, we'll have Vault machines connected to a Private Network and Public Network. For this demo, we're using 2 Netowrks: **CyberarkEcosystem (Public)** and **Private Cluster (Private)** {{< image src="images/networkInfra.webp" caption="Network Infrastructure" >}} {{< /admonition >}} ## 1. iSCI Storage Preparation Data and Metada is stored in a shared disk. However, a quroum disk is necessesary for the active/passive node determination, so let's prepare the storage infrastructure for our demo project. Quorum disk capacity only need to be 1GB. Data will not be stored here, this is just for pointing to the active node. {{< image src="images/img1.1.webp" caption="Storage Infrastructure from ESXi" >}} Let's make sure we have the necessary Windows Server Role installed. We'll be leveraging the Windows iSCSI for the virtual Disk assignation. {{< image src="images/img6.webp" caption="Windows Server Role" >}} Before using the disks we first need to initialize them. We can start this console directly by running **compmgmt.msc** {{< image src="images/img14.webp" caption="Disk Initialization" >}} Now we can set them online from the Storage Panel {{< image src="images/img17.webp" caption="Onlne disks" >}} ### 1.1. Volume Creation Let's create our first Volume for the Shared Storage 1. Go to panel File and Storage Services > iSCSI and start a new task {{< image src="images/img19.webp" caption="iSCSI Panel" >}} 2. Select the Virtual Disk location. Let's start with the Shared storage {{< image src="images/img20.webp" caption="iSCSI virtual disk selection" >}} 3. Set a name and description {{< image src="images/img21.webp" caption="Name and Description" >}} 4. Set full size and dynamically expanding to save space {{< image src="images/img22.webp" caption="Virtual Disk size" >}} 5. New iscsi target {{< image src="images/img23.webp" caption="iSCSI target" >}} 6. Let's assign a name to the target {{< image src="images/img24.webp" caption="Target naming" >}} 7. The method to identify the initiator will be IPAddress. This is the Private IP address of our nodes, we need to set this up in our achitecture beforehand {{< image src="images/img25.webp" caption="iSCI initiator" >}} {{< image src="images/img26.webp" caption="Initiator IPs" >}} 8. No authentication enabled for our demo but we should enable CHAP authentication, at least, when deploying on PRODUCTION environment. {{< image src="images/img27.webp" caption="Authentication" >}} 9. View the results {{< image src="images/img28.webp" caption="iSCSI results" >}} Now we need to do the same for the quorum disk. At the end our storage environmet should look like this {{< image src="images/img29.webp" caption="Finished virtual storage environment" >}} ## 2. Conclusions Till now we have prepared our storage environment, for te sake of this demo, in the same host our ActiveDirectory DC is installed. In the next article we'll be preparing our Vault machine for Cyberark HAVault Deployment