Distributed solution and multitenancy

You can configure settings of each Central Node component individually or manage several components in a centralized way in distributed solution mode.

The distributed solution is a two-tier hierarchy of servers with Central Node components installed. This structure sets apart a primary control server known as the Primary Central Node (PCN) and secondary servers known as Secondary Central Nodes (SCN). Interaction of servers requires connecting SCN to PCN.

If you have deployed the Central Node component as a cluster, the entire cluster takes on the role of a PCN or SCN.

PCN and SCN scan files and objects using the same technology as the individually managed Central Node component.

The distributed solution allows centralized management of the following functional areas of the application:

If you are supporting multiple organizations or branch offices of the same organization, you can use the application in multitenancy mode.

Multitenancy mode lets you use the application to simultaneously protect the infrastructure of multiple organizations or branch offices of the same organization (hereinafter also referred to as "tenants"). You can install Kaspersky Anti Targeted Attack Platform on one or more Central Node for each tenant. Each tenant can manage the application independently from other tenants. The service provider can manage the data of multiple tenants.

For each user account, the number of simultaneous application management sessions is limited to one IP address. If the same user name is used to log in to the application from a different IP address, the earlier session is terminated.

If you are using the distributed solution and multitenancy mode, the limit is enforced for each PCN and SCN server separately.

kata_distributed

Operation of the application in distributed solution mode

You can use the distributed solution and multitenancy mode in the following cases:

When the application switches to the distributed solution and multitenancy mode, all previously added license keys are deleted from servers with the SCN role. Each connected SCN receives a key from the PCN. If full functionality of the application is used for the PCN (KATA and KEDR key), and partial functionality is used for the SCN (only KATA key or only KEDR key), the SCN server load limit may be exceeded because of the increased volume of data. If partial application functionality is used for the PCN (only KATA key or only KEDR key), and full functionality is used for the SCN (KATA and KEDR key), the application functionality is partially unavailable.

License keys can be managed only on the PCN.

You can use the following scenarios to deploy the application in distributed solution and multitenancy mode:

In this Help section

Distributed solution and multitenancy mode transition scenario

Modifications of application settings for the distributed solution and multitenancy mode

Assigning the PCN role to a server

Assigning the SCN role to a server

Processing SCN to PCN connection requests

Viewing information about tenants, PCN and SCN servers

Adding a tenant to the PCN server

Deleting a tenant from the PCN server

Renaming a tenant on the PCN server

Disconnecting an SCN from PCN

Modifications of application settings for disconnecting an SCN from PCN

Decommissioning an SCN server

Page top