Tenant Connector Outbound Multiple Nodes Option
In case several tenant connector outbound nodes want to be used in the same tenant site, the installation script should be executed on every tenant connector machine. After that, the user needs to fill in the required data for every tenant connector node on the Tenant Connector page of Kron PAM Web GUI and press the SAVE button as explained 8th step in Section 3. In the end, under the same tenant site, multiple tenant connector nodes appear. If more than one tenant connector node is active under the same tenant site, the traffic is distributed in a round-robin fashion through those nodes. The Kron PAM server keeps checking the connector nodes’ activity by running a job called TunnelHeartbeatCheckJob. This job keeps track of the regular heartbeat messages sent by the connector nodes and sets the tunnel status as FAILED in case three consecutive heartbeat messages (this number is specified in the “connector.heartbeat.check.interval” system parameter) do not arrive. There will be no traffic on the failed tenant connector node unless its status turns active again.
If the TunnelHeartbeatCheckJob is not defined on the Kron PAM server, the user should define it first.
The important point here is that Kron PAM should understand the status of the tenant connector node with this job if the connector node fails. In case the connector service defined in the tenant connector node becomes down or the secure tunnel between the Kron PAM server and the tenant connector node becomes down, if this job is not defined (or not run), even though in reality the tenant connector node is not active, Kron PAM thinks that it is still active, and still sends the requests to this connector node.