# Scaling and High Availability

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FnwuJqkgX2fBDINuI1SlH%2FKeeper%20Gateway%20High%20Availability.jpg?alt=media&#x26;token=78795788-d2db-4790-835c-d8a356b83e4d" alt=""><figcaption></figcaption></figure>

The Keeper Gateway powers [Connections](/en/keeperpam/privileged-access-manager/connections.md), [Tunnels](/en/keeperpam/privileged-access-manager/tunnels.md), [Discovery](/en/keeperpam/privileged-access-manager/discovery.md), and [Password Rotation](/en/keeperpam/privileged-access-manager/password-rotation/rotation-overview.md).

Scaling lets you run multiple Gateway instances with the same configuration. Those instances form one Gateway pool. The pool improves capacity and availability for PAM workloads.

A Gateway pool distributes requests across healthy instances in round-robin order.

### How Scaling Works

<figure><img src="/files/SxeUnQzZQafiFx4Pjlvv" alt=""><figcaption></figcaption></figure>

When Gateway scaling is enabled, you can operate multiple Gateway instances using identical configuration. These instances form a Gateway pool that collectively manages PAM workloads.

* **Workload distribution** — requests are distributed across available Gateway instances.
* **Automatic failover** — if one instance becomes unavailable, traffic shifts to healthy instances.
* **Configurable maximum** — you define how many instances can run at once.
* **Cross-platform support** — instances can run on any supported Gateway platform.

{% hint style="info" %}
`pam gateway list` in Commander shows the Gateway Pool as a single entry. Use `pam gateway list --verbose` to see additional details including OS, machine type, and device name. Individual running instances are not listed separately.
{% endhint %}

#### Scaling Down

Reducing the maximum instance count doesn't automatically stop running Gateways — manual intervention is required. If you lower the limit (example: 3 → 2), existing instances continue running until you manually stop them to comply with the new maximum.

### Setup

#### Prerequisites

Before you enable scaling, make sure you have:

* Keeper Gateway version **1.7.6 or higher**
* Keeper Commander version **17.2 or higher**
* A user who can create, deploy, and manage Keeper Gateways
* An existing Gateway deployment

#### 1. Set Maximum Gateway Instances

After logging into Keeper Commander, retrieve your gateway list:

```bash
pam gateway list
```

Configure scaling for your gateway:

```bash
pam gateway set-max-instances -g <GATEWAY_UID_OR_NAME> -m <MAX_INSTANCES>
```

Where `<GATEWAY_UID_OR_NAME>` is your Gateway's UID or name, and `<MAX_INSTANCES>` is your desired concurrent instance limit (minimum: 1).

**Example:**

```bash
pam gateway set-max-instances -g Dmg5bh63p3Yj7ov738BTAw -m 5
```

#### 2. Run Another Gateway with the Same Configuration

Deploy the same Gateway configuration to additional servers or environments. Each instance joins the same Gateway pool and respects the configured maximum.

Copy the configuration from an existing running Gateway and reuse it on each new host. If you created the original Gateway with the base64 configuration option, reuse that printed `GATEWAY_CONFIG` value.

For Docker deployments, add the `GATEWAY_CONFIG` value to the new container's environment:

```yaml
services:
  keeper-gateway:
    environment:
      ACCEPT_EULA: Y
      GATEWAY_CONFIG: <paste value from existing gateway here>
```

For Linux or Windows deployments, place the same Gateway configuration on the new host. Use the same configuration source that the original Gateway used.

For full deployment steps, see the platform guides:

* [Gateway with Docker](/en/keeperpam/privileged-access-manager/getting-started/gateways/gateway-with-docker.md)
* [Gateway on Linux Native](/en/keeperpam/privileged-access-manager/getting-started/gateways/linux-installation.md)
* [Gateway on Windows](/en/keeperpam/privileged-access-manager/getting-started/gateways/windows-installation.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.keeper.io/en/keeperpam/privileged-access-manager/getting-started/gateways/scaling-and-high-availability.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.