Follow these guidelines for setting up a Workspace ONE Access cluster.

Recommended Number of Nodes in Workspace ONE Access Cluster

Setting up a Workspace ONE Access cluster with three nodes is recommended.

The Workspace ONE Access appliance includes OpenSearch, a search and analytics engine. OpenSearch has a known limitation with clusters of two nodes. For a description of the OpenSearch "split brain" limitation, see the OpenSearch documentation. You do not have to configure any OpenSearch settings.

A Workspace ONE Access cluster with two nodes provides failover capability with a few limitations related to OpenSearch. If one of the nodes shuts down, the following limitations apply until the node is brought up again:

  • The dashboard does not display data.
  • Most reports are unavailable.
  • Sync log information is not displayed for directories.
  • The search field in the top-right corner of the administration console does not return any results.
  • Auto-complete is not available for text fields.

There is no data loss during the time the node is down. The audit event and sync log data is stored and is displayed when the node is restored.
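The following simplified majority-vote model shows why two nodes are a problem and three are not. It is an added illustration, not OpenSearch or Workspace ONE Access code; the node names are constructed, and the quorum rule (a group needs at least a set number of nodes to elect a master) is an assumption of the model.

```python
from itertools import combinations

def majority(n):
    """Smallest vote count that is more than half of n nodes."""
    return n // 2 + 1

def classify(groups, quorum):
    """groups: sets of nodes that can still reach each other.
    A group can elect a master only if it holds at least `quorum` nodes."""
    electing = [g for g in groups if len(g) >= quorum]
    if len(electing) > 1:
        return "split-brain"      # two masters accept writes independently
    return "available" if electing else "unavailable"

def outcomes(nodes, quorum):
    """Outcome of every single-node failure and every two-way partition."""
    nodes = set(nodes)
    down = {classify([nodes - {n}], quorum) for n in nodes}
    split = set()
    for k in range(1, len(nodes) // 2 + 1):
        for side in combinations(sorted(nodes), k):
            split.add(classify([set(side), nodes - set(side)], quorum))
    return {"node_down": down, "partition": split}

if __name__ == "__main__":
    two = ["node1", "node2"]            # constructed node names
    three = ["node1", "node2", "node3"]
    print("2 nodes, quorum 1:", outcomes(two, 1))
    print("2 nodes, quorum 2:", outcomes(two, majority(2)))
    print("3 nodes, quorum 2:", outcomes(three, majority(3)))
```

In this model, two nodes must choose between split brain under a partition (quorum 1) and no elected master when one node stops (quorum 2); three nodes avoid both.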

Network Partitions

Creating a network partition between nodes in a Workspace ONE Access cluster is not recommended. If a network partition prevents the Workspace ONE Access service nodes from communicating with each other while all the nodes remain accessible from the load balancer, login requests can go to any of the partitioned nodes, and you might encounter the following problems:

  • You might see stale data across requests. For example, changes made to an access policy on one node might not apply to login requests that go to another node if there is a partition between the nodes.
  • Login calls that use the outbound connector might fail.