How to add multiple Baffle Shields to an existing endpoint

You can assign multiple Baffle Shields to a single endpoint through the Baffle Manager admin console. When multiple Baffle Shields are assigned to the same endpoint, each shield must be listening on a different port number. For example, if the first Baffle Shield uses port 8444 (the default), a second Baffle Shield on the same endpoint would need to use port 8445, and so on.

This article provides steps for adding an additional Baffle Shield to an existing endpoint that already has an assigned Baffle Shield. 

IMPORTANT: The user account used to log in to the Baffle Shield host machine must have a home directory on that system. Our example in the following task is for an AWS EC2 instance. However, you should enter the host user name for the account used to log in to your Baffle Shield host machine.

To add an additional Baffle Shield to an existing endpoint, do the following:

1. Log in to the Baffle Manager and click the shield icon on the left navigation panel.  A list of connected Baffle Shields appears.
   
   
2. Click +BAFFLE SHIELD in the upper right corner and enter a name for the new Baffle Shield in the Add Baffle Shield dialog, then do the following:
   • • Select “Automated Deployment” for Deployment Model.
     • Enter the Host Username centos to access the Baffle Shield EC2 Instance, as shown in our example. OR, enter the user name for the account used to log in to the Baffle Shield host machine. This user account must have a home directory on that system.
     • Enter the same IP Address for the Baffle Shield that you used for the first shield.
3. Enter a new port number for the Baffle Shield to listen for application connections. IMPORTANT! When multiple Baffle Shields are assigned to an endpoint, each shield must use a different port number. For example, if the first Baffle Shield uses port 8444 (the default), enter 8445 as the port number for the second Baffle Shield.
   
   
4. Check the appropriate box based on your intended deployment configuration:
   – Use SSL: Check this box if you require the use of SSL for the connection between the application and the data store. The data store must already be configured for SSL. After selecting, also choose whether to have Baffle Manager generate a self-signed certificate for Baffle Shield or upload your own certificate.
   – Use SSH Key: Check this box if you would like Baffle Manager to use a SSH key instead of password credentials to authenticate to the Baffle Shield machine for deployment. Also choose to upload a new key or select a previously uploaded key to use. IMPORTANT! NOTE: The SSH key must be in the .pem format.
5. Click Add Baffle Shield to complete the process. The new Shield is added to the list of configured Baffle Shields.
6. To add more Baffle Shields to the same endpoint, repeat steps 2 through 5.