Manage Safeguard for Privileged Sessions clusters
When you have a set of two or more Safeguard for Privileged Sessions (SPS instances in your deployment, you can join them into a cluster. This has several advantages. You can:
-
Manage the nodes from one central location.
-
Monitor their status and update their configuration centrally.
-
Search all session data recorded by all nodes in the cluster on a single node.
-
Scale the performance of the cluster by adding new nodes and joining them to the cluster easily.
-
Extend auditing to other networks by adding new nodes to the cluster and joining them to the cluster.
This is achieved by assigning roles to the individual nodes in your cluster: you can set one of your Safeguard for Privileged Sessions nodes to be the Central Management node and the rest of the nodes are managed from this central node.
|
|
NOTE:
All nodes in a cluster must run the same version of SPS. |
|
|
NOTE:
To configure the /api/cluster/ endpoint, your usergroup must have "read and write/perform" privileges assigned to the Basic Settings > Cluster management object. You can configure this on the AAA > Access Control page of SPS's web interface. For details, see "Managing user rights and usergroups" in the Administration Guide. |
URL
GET https://<IP-address-of-any-node-in-cluster>/api/cluster
Cookies
| Cookie name | Description | Required | Values |
|---|---|---|---|
| session_id | Contains the authentication token of the user | Required |
The value of the session ID cookie received from the REST server in the authentication response, for example, a1f71d030e657634730b9e887cb59a5e56162860. For details on authentication, see Authenticate to the SPS REST API. Note that this session ID refers to the connection between the REST client and the SPS REST API. It is not related to the sessions that SPS records (and which also have a session ID, but in a different format). |
Sample request
The following command lists the endpoints available under the cluster endpoint.
curl --cookie cookies https://<IP-address-of-any-node-in-cluster>/api/cluster
Response
The following is a sample response received.
For details of the meta object, see Message format.
{
"items": [
{
"key": "configuration_sync",
"meta": {
"href": "/api/cluster/configuration_sync"
}
},
{
"key": "join_request",
"meta": {
"href": "/api/cluster/join_request"
}
},
{
"key": "nodes",
"meta": {
"href": "/api/cluster/nodes"
}
},
{
"key": "promote",
"meta": {
"href": "/api/cluster/promote"
}
},
{
"key": "status",
"meta": {
"href": "/api/cluster/status"
}
}
],
"meta": {
"href": "/api/cluster",
"join_request": "/api/cluster/join_request",
"nodes": "/api/cluster/nodes",
"parent": "/api",
"promote": "/api/cluster/promote",
"status": "/api/cluster/status",
"configuration_sync": "/api/cluster/configuration_sync"
}
}
| Element | Type | Description | ||
|---|---|---|---|---|
| items | Top-level element (list of JSON objects) | List of endpoints (objects) available from the current endpoint. | ||
| key | string | The ID of the endpoint. | ||
| meta | Top-level item (JSON object) | Contains the path to the endpoint. | ||
| href | string (relative path) | The path of the resource that returned the response. | ||
Status and error codes
The following table lists the typical status and error codes for this request. For a complete list of error codes, see Application level error codes.
| Code | Description | Notes |
|---|---|---|
| 201 | Created | The new resource was successfully created. |
| 401 | Unauthenticated | The requested resource cannot be retrieved because the client is not authenticated and the resource requires authorization to access it. The details section contains the path that was attempted to be accessed, but could not be retrieved. |
| 401 | AuthenticationFailure | Authenticating the user with the given credentials has failed. |
| 404 | NotFound | The requested object does not exist. |