Scaling and High Availability

Enable HA Scaling on the Keeper Gateway

Overview

The Keeper Gateway enables KeeperPAM features such as Connections, Tunnels, Discovery, and Credential Rotation. With the growing use of PAM, Gateway scaling offers an excellent solution to boost scalability and availability by enabling multiple Gateway instances to run concurrently using the same configuration. This approach increases reliability by efficiently distributing PAM workloads across several Gateway instances, allowing for a greater number of simultaneous connections.

HA Gateway Scaling is available with Keeper Gateway version 1.7.6+ and Commander 17.2+

How Scaling Works

When Gateway scaling is enabled on the Keeper Gateway, you can run multiple Gateway instances using the same Gateway configuration. These instances form a Gateway pool that collectively handles PAM workloads.

Features

Workload distribution: PAM workloads are distributed across the available Gateway instances.
Instance limits: Enforces a configurable maximum number of Gateway instances.
Cross-platform support: Gateway instances can run on any supported platforms.

Scaling Down

Reducing the maximum number of Gateway instances does not stop running Gateways. and requires you to manually stop the gateway instance(s) to align with the new limit. For example, If you set the instance limit to 3 and run 3 active Gateways, all instances will operate normally.

If you later reduce the limit (for example, 3 → 2):

Existing Gateway instances are not automatically shut down.
You must manually stop one instance to meet the new limit.
After the limit is reduced, additional instances will be prevented from starting above the configured maximum.

Setup

Prerequisites

Prior to configuring scaling for your Keeper Gateway, you need the following:

Keeper Gateway version 1.7.6 or higher
Keeper Commander version 17.2 or higher
User with the following enforcement policies:
- Can create, deploy, and manage Keeper Gateways

Set the Maximum Number of Gateway Instances

After logging into Keeper Commander, get a list of gateways from this command:

pam gateway list

Run the following command for the gateway being configured for scaling:

pam gateway set-max-instances -g <GATEWAY_UID> -m <MAX_INSTANCES>

<GATEWAY_UID> is the UID of the Gateway you are scaling.
<MAX_INSTANCES> is the maximum number of Gateway instances you want to allow.

Example: The following example allows up to 5 Gateway instances to run concurrently:

pam gateway set-max-instances -g Dmg5bh63p3Yj7ov738BTAw -m 5

Run multiple Gateways using the same config

Use the original Gateway configuration file to initialize additional instances on new servers or environments, ensuring scaling remains enabled.

Each instance started with this configuration will join the same Gateway pool, up to the configured maximum instance limit.

Gateway Configuration File

For more information on the gateway configuration file, visit the following:

PreviousAuto Updater NextSharing Gateways

Last updated 17 days ago

Was this helpful?