Peer Nodes

A peer node is a separate 12Port application node, usually deployed in a remote or isolated network location, that the current deployment can use for purposes such as data replication or delegated script execution.

A typical use case for a peer node involves delegating script execution to endpoints or devices within remote, isolated networks that cannot be directly accessed by the current deployment. In this situation, creating a trusted connection between the main node and the remote peer node enables management of devices that the main node cannot access. Peer nodes are valuable for overseeing devices across multiple isolated datacenters or virtual cloud networks from a single location. They are also beneficial in managed service provider (MSP) scenarios, where each peer node can manage devices for independent MSP clients.

Note

Main Node to Peer Node communication is done over HTTPS using the port (443, 6443, etc.) that is used by each 12Port deployment. Ensure that this traffic is allowed between the Nodes, whether directly, virtually or via a tunnel.

Creating a Peer Node Connection

A Peer Node connection supports two separate 12Port deployments, one acting as the Main node and the other as the Peer node. The Peer node should be deployed in a location with appropriate connectivity to communicate with any devices or endpoints that are not directly accessible by the Main node.

After the Peer Node is deployed and running, you can begin the configuration to establish connectivity from this node.

  1. From the Peer Node, log in with an Administrator account. You will log in to this Peer Node's Tenant and Space (do not use the /base tenant) where the connectivity with the Main Node will be established.
  2. Navigate to Management > Users and create a new Local Directory User. This Local Directory User account will be used as a Service account to authenticate from the Main node to this Peer node. If you want to use a user account from an external directory like Active Directory or EntraID, you can skip this step. Do not use a group for Service accounts.
  3. Next, navigate to Management > Space Roles and click the Grant button. Select the user created in the previous step or your external user that will become the Service account. Enable the Service space role and click the Grant button to complete this operation.
  4. Finally, navigate to Management > API Tokens and click the Add button. Select the user assigned the Service space role from the previous step, define an appropriate Expiration date, Filter, Description, click the Enabled button and then Save to complete this operation. This API token will be used for authentication purposes from the Main node to this Peer node in the next steps.
  5. After the API Token is saved, you will need to retrieve it for later use. Use the Actions > Show Details option for this token, click the Unlock Token option for the JWT value and then click Copy. This copies the token to your clipboard. You can use the Lock Token option once you have the token copied.


Now we will begin the configuration from the Main node.

  1. From the Main Node, log in with an Administrator or a Configuration Manager account. You will log in to this Main Node's Tenant and Space (do not use the /base tenant) where the connectivity with the Peer Node will be established.
  2. Navigate to Configuration > Peer Nodes and click the Add button.
  3. Click on the parameter name for details about each or follow the guidance provided here:
    1. Peer Name: Enter a unique and recognizable name to assign to this connection. This name will be used when assigning this connection to assets.
    2. URL: Enter the URL of the Peer Node that was used for configuration in the previous section. The URL will be formed like this: https://host:port/ztna/<tenant>/<space> where <tenant> and <space> are the tenant and space designated on the Peer Node for connectivity purposes.
    3. Access Token: Enter or Paste the API Token that was created and copied from the Peer Node in the previous section.
    4. Enabled: Click to Enable this connectivity making it available for use with asset assignment.
  4. Next, use the Verify Trust button to review the certificate and establish trust with the Peer Node. If the certificate is not yet trusted, use the blue Establish Trust button to perform this trust operation. After this trust is successfully established, the header will turn from Red to Green, indicating that trust with the Peer Node has been created. Click the Close button to continue.
  5. Finally, use the Test Connection button to ensure that connectivity from the Main node to the Peer node is successful.
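
A local pre-flight check for the URL and Access Token values before they are entered on the Main node, as an added example that is not 12Port code. It assumes the API token is a three-part JWT carrying the standard exp claim and that a tenant named base should be rejected; the host, tenant and token shown are constructed.

```python
import base64
import json
import time
from urllib.parse import urlsplit


def check_peer_url(url):
    """Return a list of problems with a Peer Node URL; an empty list means OK."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if not parts.hostname:
        problems.append("missing host")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 3 or segments[0] != "ztna":
        problems.append("path must be /ztna/<tenant>/<space>")
    elif segments[1].lower() == "base":
        # Assumption: the steps say not to use the /base tenant for peering.
        problems.append("tenant must not be base")
    return problems


def jwt_seconds_left(token, now=None):
    """Seconds until the token's exp claim, or None if there is no exp claim."""
    # The payload is decoded locally and NOT verified; this is a sanity check.
    # Assumption: the API token is a three-part JWT with a standard exp claim.
    pieces = token.strip().split(".")
    if len(pieces) != 3:
        raise ValueError("not a three-part JWT")
    padded = pieces[1] + "=" * (-len(pieces[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict) or "exp" not in claims:
        return None
    return int(claims["exp"] - (time.time() if now is None else now))


def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample values, not taken from any real deployment.
SAMPLE_URL = "https://peer.example.internal:6443/ztna/acme/root"
SAMPLE_TOKEN = ".".join([_b64({"alg": "HS256", "typ": "JWT"}),
                         _b64({"sub": "svc-peer", "exp": 2000000000}),
                         "constructed-signature"])

if __name__ == "__main__":
    print(check_peer_url(SAMPLE_URL) or "URL looks well-formed")
    print("token seconds left:", jwt_seconds_left(SAMPLE_TOKEN))
```

The token is a credential for the Service account, so run the check on the workstation where it was copied rather than in an online decoder.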


Connectivity between the Main Node and Peer Node has now been established. Next, this Peer Node has to be assigned to specific assets so that they can be processed by the Peer Node rather than the Main Node.

  1. From the Main Node, navigate to the Asset library and identify the asset (Container or Asset) that will have its jobs processed by this Peer Node. If a Peer Node is assigned to a container, all assets within this container will inherit this Peer Node configuration and their jobs will be processed by this Peer Node.
  2. On this asset, use the Manage > Peer Nodes option and click the Add button. Access to this option requires the Administrator space role, the Asset Manager space role, or an Asset Permission of Asset Manager or higher.
  3. Using the Peer Name parameter, select the Peer Node by the Peer Name that was created in the previous section.
  4. Click the Save button to complete this configuration.

This Peer Node will now be assigned to this asset and enabled for use by default. If you want to Edit, Disable or Delete the configuration, use the Actions menu on this row.

Verifying Peer Node Job Execution

After the Peer Node configuration is complete, it is time to test and verify its use. The following section will confirm that the Peer Node is being used for remote job execution as intended.

  1. From the Asset where the Peer Node is enabled, use its Execute menu to perform an on-demand Job execution like Windows Status or Linux Status. If the Asset is a container, navigate into this container and use one of its child assets to perform this on-demand Job execution test.
  2. Use the Reports > Jobs report from this asset to confirm this job has Completed.
  3. After Completed, use the Actions > Show Details option of this Job to review its metadata. Locate the Node Signature parameter and observe that it displays the Peer Node, Peer Tenant and Peer Space as defined in the previous configuration sections.

    As an example, here is how the Node Signature appears for a Peer Node job execution, where:
    [Image: Node Signature Example]
    (1) is the Node name 12P-remotePeer-dev of the Peer Node, followed by a :: separator;
    (2) is the Tenant Name proxm-27 where the Peer Node was created, followed by a :: separator; and
    (3) is the Space Name root in this tenant where the Peer Node was created.


This confirms that the job for the Main Node asset was executed using the Peer Node from this asset's configuration.

Note

When two or more enabled Peer Nodes are assigned to an asset, whether through inheritance from a parent container, direct assignment or both, 12Port will randomly select one of the peer nodes to use for each remote job execution.
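
The Node Signature check from the verification steps, applied to several jobs at once, as an added example that is not 12Port code. It assumes the signature is available as the plain text node::tenant::space and accepts any peer assigned to the asset, since one is picked at random per job; only the first signature's values come from the page, the rest are constructed.

```python
from collections import Counter
from typing import NamedTuple, Optional


class NodeSignature(NamedTuple):
    node: str
    tenant: str
    space: str


def parse_node_signature(raw: str) -> Optional[NodeSignature]:
    """Split 'node::tenant::space'; None unless exactly three non-empty fields."""
    fields = [f.strip() for f in raw.split("::")]
    if len(fields) != 3 or not all(fields):
        return None
    return NodeSignature(*fields)


def audit_jobs(jobs, assigned_peers):
    """Return (findings, usage) for (job_id, signature) pairs.

    Any enabled peer assigned to the asset is acceptable, because one is
    picked at random per job; anything else is reported as a finding.
    """
    findings, usage = [], Counter()
    for job_id, raw in jobs:
        sig = parse_node_signature(raw)
        if sig is None:
            findings.append((job_id, "unparseable signature"))
        elif sig not in assigned_peers:
            findings.append((job_id, f"ran on unassigned node {sig.node}"))
        else:
            usage[sig.node] += 1
    return findings, usage


# Constructed sample data. Only the first signature's values appear on the page;
# the second peer, the Main node signature and the job ids are made up.
ASSIGNED = {NodeSignature("12P-remotePeer-dev", "proxm-27", "root"),
            NodeSignature("12P-remotePeer-dr", "proxm-27", "root")}
SAMPLE_JOBS = [("job-101", "12P-remotePeer-dev::proxm-27::root"),
               ("job-102", "12P-remotePeer-dr::proxm-27::root"),
               ("job-103", "12P-main::proxm-01::root"),
               ("job-104", "12P-remotePeer-dev::proxm-27")]

if __name__ == "__main__":
    findings, usage = audit_jobs(SAMPLE_JOBS, ASSIGNED)
    print(findings, dict(usage))
```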