Setting up a CyberArk HA Vault Cluster - Part 3


1. Vault Cluster Installation

At this point we’ve created 2 disks, one for our Shared Storage (safes and metadata) and the second one for Quorum. After that, we connected those two disks to our Vault_1 host.

In this post we’ll review the installation of the CyberArk Vault on the Vault_1 node.

  1. Prepare your node according to the CyberArk pre-installation tasks and start the CyberArk Vault installer as usual. When prompted for the Vault installation mode, choose Cluster-node Vault Installation.
Figure: Vault installation mode
Warning: Hardening the Vault at this point can break the iSCSI connection. Wait until the installation is finished before hardening the Vault.
  1. When prompted to choose the Safe location path, specify a path that is located on the shared storage of the cluster environment.

    Figure: Safe location path
  2. When prompted for the Master and Administrator passwords, open dbparm.ini and create a new firewall rule pointing to our storage private IP [ADCore]. This overrides hardening for the iSCSI connection:

AllowNonStandardFWAddresses=[10.200.10.10],Yes,3260:outbound/tcp,3260:inbound/tcp
  1. Set a Master and an Administrator password

  2. Finish the installation Wizard but do not restart the machine yet

  3. Configure the Cluster Storage by running PrivateArk\Server\ClusterVault\StorageManager.exe. Do this from an elevated command prompt

    Figure: Configuring Storage Manager (StorageManager.exe)

    Before running StorageManager.exe, make sure the Quorum disk is online using the Windows Disk Management utility.

    Specify the following parameters as input in UPPERCASE:

    -q<DRIVE_LETTER> – Defines the Quorum drive letter.

    -s<DRIVE_LETTER> – Defines the Shared Storage drive letter.

  4. Let’s configure the Cluster Vault network settings. Open the ClusterVault.ini file in the PrivateArk\Server\ClusterVault\Conf\ folder:

[Environment Name]
ClusterLogicalName=Cluster.Blubank
LocalNodeLogicalName=Vault1
PeerNodeLogicalName=Vault2
[Networking]
NetworkCardName=CyberarkEcosystem #Name of the PublicNetwork Network Interface
VirtualIP=10.200.0.13
PeerNodePrivateIP=10.200.10.12
PeerNodePublicIP=10.200.0.12
LocalNodePublicIP=10.200.0.11
LocalNodePrivateIP=10.200.10.11
[Storage]
StorageIdentifier = {2D952099-EFB6-4817-A099-E150E50E6194}
QuorumDiskIdentifier = {8D75ED62-C0AD-44F7-95B5-63C26DB7BCF3}
[Advanced Settings]
PeerNodePort=18581
HealthCheckInterval=10
RetryCountOnFailure=1
ResourceControlTimeout=60
QuorumChallengeDuration=10
SharedConfigurationDirectory=E:\PrivateArk\ClusterVault
  1. Now we can start the Vault services by clicking the play button in Cluster Vault Management. Everything should look like this:
    Figure: Cluster Vault Management
  2. Check the ClusterVault console log. The following message will appear in ClusterVaultConsole.log:
    Figure: ClusterVaultConsole.log
  3. Now it is time to harden the Vault. Make sure to provide arguments for the hardening script:
    Figure: Hardening showing error and proper command execution
  4. Reboot the system, check the logs and check the Cluster Vault Management panel.
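
The addresses in ClusterVault.ini and the dbparm.ini firewall exception can be sanity-checked before the Vault services are started. The Python script below is an added example, not part of the original post or of CyberArk's tooling; the function name `lint`, the /24 prefix length and the choice of checks are assumptions drawn from the address layout used in this post.

```python
import configparser
import ipaddress
import re

# Constructed sample: the [Networking] values and firewall rule shown on this page.
SAMPLE_INI = """\
[Networking]
VirtualIP=10.200.0.13
PeerNodePrivateIP=10.200.10.12
PeerNodePublicIP= 10.200.0.12
LocalNodePublicIP=10.200.0.11
LocalNodePrivateIP=10.200.10.11
"""
SAMPLE_FW = "AllowNonStandardFWAddresses=[10.200.10.10],Yes,3260:outbound/tcp,3260:inbound/tcp"
FW = re.compile(r"AllowNonStandardFWAddresses=\[([^\]]+)\],(?:Yes|No),(.+)")
IP_KEYS = ("VirtualIP", "LocalNodePublicIP", "PeerNodePublicIP",
           "LocalNodePrivateIP", "PeerNodePrivateIP")

def lint(ini_text, fw_line, prefix=24, iscsi_port=3260):
    """Return findings (empty list = all checks passed). prefix is an assumed mask."""
    cp = configparser.ConfigParser(inline_comment_prefixes=("#",), interpolation=None)
    cp.optionxform = str                      # keep key case as written in the file
    cp.read_string(ini_text)
    fw = FW.fullmatch(fw_line.strip())
    try:
        ip = {k: ipaddress.ip_address(cp["Networking"][k]) for k in IP_KEYS}
        storage_ip = ipaddress.ip_address(fw.group(1)) if fw else None
    except (KeyError, ValueError) as exc:
        return [f"missing or malformed address: {exc}"]
    public, private = (ipaddress.ip_network(f"{ip[k]}/{prefix}", strict=False)
                       for k in ("LocalNodePublicIP", "LocalNodePrivateIP"))
    out = []
    if len(set(ip.values())) < len(ip):
        out.append("the same IP is assigned to two settings")
    if public == private:
        out.append("public and private interfaces share one subnet")
    out += [f"{k} is outside the public subnet {public}"
            for k in ("VirtualIP", "PeerNodePublicIP") if ip[k] not in public]
    if ip["PeerNodePrivateIP"] not in private:
        out.append(f"PeerNodePrivateIP is outside the private subnet {private}")
    if fw is None:
        out.append("firewall exception line not recognised")
    else:
        if storage_ip not in private:  # rule should target the storage private IP
            out.append(f"firewall exception {storage_ip} is not on the private subnet")
        ports = {int(p) for p in re.findall(r"(\d+):", fw.group(2))}
        if ports != {iscsi_port}:      # only the iSCSI port should be opened
            out.append(f"firewall exception opens ports {sorted(ports)}, expected only {iscsi_port}")
    return out
```

Calling `lint(SAMPLE_INI, SAMPLE_FW)` returns an empty list for the values used in this post; any finding is returned as a human-readable string.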

2. Conclusions

Network configuration is paramount at this point of the deployment. Having a well-planned network and storage configuration from the beginning will make the CyberArk HA Vault cluster deployment easier.

In the next post we’ll be installing Vault_2.