⚖️Scaling and High Availability

Enable HA Scaling on the Keeper Gateway

The Keeper Gateway powers Connections, Tunnels, Discovery, and Password Rotation.

Scaling lets you run multiple Gateway instances with the same configuration. Those instances form one Gateway pool. The pool improves capacity and availability for PAM workloads.

A Gateway pool distributes requests across healthy instances in round-robin order.

How Scaling Works

When Gateway scaling is enabled, you can operate multiple Gateway instances using identical configuration. These instances form a Gateway pool that collectively manages PAM workloads.

Workload distribution — requests are distributed across available Gateway instances.
Automatic failover — if one instance becomes unavailable, traffic shifts to healthy instances.
Configurable maximum — you define how many instances can run at once.
Cross-platform support — instances can run on any supported Gateway platform.

pam gateway list in Commander shows the Gateway Pool as a single entry. Use pam gateway list --verbose to see additional details including OS, machine type, and device name. Individual running instances are not listed separately.

Scaling Down

Reducing the maximum instance count doesn't automatically stop running Gateways — manual intervention is required. If you lower the limit (example: 3 → 2), existing instances continue running until you manually stop them to comply with the new maximum.

Setup

Prerequisites

Before you enable scaling, make sure you have:

Keeper Gateway version 1.7.6 or higher
Keeper Commander version 17.2 or higher
A user who can create, deploy, and manage Keeper Gateways
An existing Gateway deployment

1. Set Maximum Gateway Instances

After logging into Keeper Commander, retrieve your gateway list:

pam gateway list

Configure scaling for your gateway:

pam gateway set-max-instances -g <GATEWAY_UID_OR_NAME> -m <MAX_INSTANCES>

Where <GATEWAY_UID_OR_NAME> is your Gateway's UID or name, and <MAX_INSTANCES> is your desired concurrent instance limit (minimum: 1).

Example:

pam gateway set-max-instances -g Dmg5bh63p3Yj7ov738BTAw -m 5

2. Run Another Gateway with the Same Configuration

Deploy the same Gateway configuration to additional servers or environments. Each instance joins the same Gateway pool and respects the configured maximum.

Copy the configuration from an existing running Gateway and reuse it on each new host. If you created the original Gateway with the base64 configuration option, reuse that printed GATEWAY_CONFIG value.

For Docker deployments, add the GATEWAY_CONFIG value to the new container's environment:

services:
  keeper-gateway:
    environment:
      ACCEPT_EULA: Y
      GATEWAY_CONFIG: <paste value from existing gateway here>

For Linux or Windows deployments, place the same Gateway configuration on the new host. Use the same configuration source that the original Gateway used.

For full deployment steps, see the platform guides:

PreviousAuto Updater NextSharing Gateways

Last updated 1 month ago