FastX Clustering

Note: For FastX Version 2 clustering, click here

Multiple FastX servers can be connected together to create a cluster. Clustering allows users to connect to any system and view/interact with/launch sessions in the cluster.

Clustering offers better security and load distribution over a single machine.  Gateway servers can be used as the client access point while session servers can be hidden behind a firewall to do the heavy computing.  Combined with load balancing, the power of FastX can be seen.  New sessions can be routed to servers giving the implementers complete control of where sessions are started.  Power users can integrate their own job scheduling software into the FastX cluster launching sessions when the server resources become available.

Setting up a cluster

Overview

FastX uses a distributed database with encrypted messaging to provide secure communication between servers. Each FastX server doubles as a database node.  Access to the cluster is authorized by shared cluster keys.  Messages between cluster members are encrypted using public/private key pairs of the individual nodes

Installing the cluster package

  1. Download the FastX plugins package
  2. Extract the files tar xzf FastX3-plugins-{{version}}.tgz
  3. copy the extracted plugins directory to var mv plugins /usr/lib/fastx/3
  4. Restart the web server service fastx3 restart

Setting up a the cluster

Set up the database connection

Add the URL of one or more cluster members to the database connections list.  You do NOT need to add every cluster member to the list.  A connection to the database grants you access to the cluster and all members in the cluster.  Also note that all communication is bidirectional.  If NodeA has connected to NodeB, NodeB does not need to connect back to NodeA

  1. Log in as an Administrator
  2. Go to the System > Clustering > Cluster Setup > Database Connections
  3. Click New Server.
  4. Add the Url
  5. Repeat Steps 3 – 4 for multiple connections
  6. Click ActionsReconnect to Servers to reread the server list and connect

Set up the Cluster Keys

Cluster access is restricted by the use of secret keys.  A JSON web token signed by a secret key is sent along with every request.  The cluster node verifies the web token and allows access to the database.  You can have multiple secret keys.  If any key is valid you have access to the cluster

  1. Log in as an Administrator
  2. Go to the System > Clustering > Cluster Setup > Cluster Keys
  3. Click New Key.
  4. Add a secret key
  5. Repeat Steps 3 – 4 for multiple keys

(Optional) Set up Trusted Nodes

All messages in the shared database are encrypted using public/private key pairs.  By default the public keys are stored in the shared database.  This allows clusters to easily be set up and communicate.  For added security, you can specify a key store on the file system and manually upload the public keys of the servers.  This prevents an attacker who has broken in to the database from sending false messages with his own public key.  The message will be sent, but it cannot be verified and therefore it will be rejected.

  1. Log in as an administrator
  2. Go to the System > Clustering > Cluster Setup > Trusted Servers
  3. Select Store Keys on the Local System
  4. Upload the public keys of the Trusted Servers
  5. Repeat this process for every server in the cluster

Notes

  • Communication is bi-directional.  The database server and the database client sync all information between each other.
  • In production, all servers should use Valid SSL Certificates from a trusted certificate authority.
    • To enforce certificate validation add the option “rejectUnauthorized”: false  to the agent object in the Database connections section. ie.
    • {
      “rejectUnauthorized”: false
      }