About Kaspersky Security Center Linux failover cluster
A Kaspersky Security Center Linux failover cluster provides high availability of Kaspersky Security Center Linux and minimizes downtime of Administration Server in case of a failure. The failover cluster is based on two identical instances of Kaspersky Security Center Linux installed on two computers. One of the instances works as an active node and the other one is a passive node. The active node manages protection of the client devices, while the passive one is prepared to take all of the functions of the active node in case the active node fails. When a failure occurs, the passive node becomes active and the active node becomes passive.
In a Kaspersky Security Center Linux failover cluster, all Kaspersky Security Center Linux services are managed automatically. Do not try to restart the services manually.
Hardware and software requirements
To deploy a Kaspersky Security Center Linux failover cluster, you must have the following hardware:
- Two computers with identical hardware and software. These computers will act as the active and passive nodes.
- A file server running Linux, with the EXT4 file system. You must provide a dedicated computer that will act as a file server.
Make sure you have provided high network bandwidth between the file server, and the active and passive nodes.
- A computer with Database Management System (DBMS). If you use MariaDB Galera Cluster as a DBMS, a dedicated computer for this purpose is not required.
Deployment schemes
You can choose one of the following schemes to deploy Kaspersky Security Center Linux failover cluster:
- A scheme that uses a secondary network adapter.
- A scheme that uses a third-party load balancer.
A scheme that uses a secondary network adapter
Scheme legend:
Administration Server sends data to the database. Open the necessary ports on the device where the database is located, for example, port 3306 for MySQL Server, or port 1433 for Microsoft SQL Server. Please refer to the DBMS documentation for the relevant information.
On the managed devices, open the following ports: TCP 13000, UDP 13000, and TCP 17000.
A computer with Database Management System (DBMS). If you use MariaDB Galera Cluster as a DBMS, a dedicated computer for this purpose is not required. Install MariaDB Galera Cluster on each of the nodes.
A scheme that uses a third-party load balancer
Scheme legend:
On the load balancer device, open all of the Administration Server ports: TCP 13000, UDP 13000, TCP 13291, TCP 13299, and TCP 17000.
On the managed devices, open the following ports: TCP 13000, UDP 13000, and TCP 17000.
Administration Server sends data to the database. Open the necessary ports on the device where the database is located, for example, port 3306 for MySQL Server, or port 1433 for Microsoft SQL Server. Please refer to the DBMS documentation for the relevant information.
A computer with Database Management System (DBMS). If you use MariaDB Galera Cluster as a DBMS, a dedicated computer for this purpose is not required. Install MariaDB Galera Cluster on each of the nodes.
Switch conditions
The failover cluster switches protection management of the client devices from the active node to the passive one, if any of the following events occurs on the active node:
- The active node is broken due to a software or hardware failure.
- The active node was temporarily stopped for maintenance activities.
- At least one of the Kaspersky Security Center Linux services (or processes) failed or was deliberately terminated by user. The Kaspersky Security Center Linux services are the following ones: kladminserver, klnagent, klactprx, and klwebsrv.
- The network connection between the active node and the storage on the file server was interrupted or terminated.
