Installing Kaspersky Security Center Linux on the Kaspersky Security Center Linux failover cluster nodes
This procedure describes how to install Kaspersky Security Center Linux on the nodes of the Kaspersky Security Center Linux failover cluster. Kaspersky Security Center Linux is installed on both nodes of the Kaspersky Security Center Linux failover cluster separately. First, you install the application on the active node, then on the passive one. When installing, you choose which node will be active and which will be passive.
Use the installation file—ksc64_[version_number]_amd64.deb or ksc64-[version_number].x86_64.rpm—that corresponds to the Linux distribution installed on your device. You receive the installation file by downloading it from the Kaspersky website.
Only a user from the KLAdmins domain group can install Kaspersky Security Center Linux on every node.
Installation on the primary (active) node
To install Kaspersky Security Center Linux on the primary node:
Make sure that the device on which you want to install Kaspersky Security Center Linux is running one of the supported Linux distributions.
In the command line, run the commands provided in this instruction under an account with root privileges.
Run the Kaspersky Security Center Linux installation. Depending on your Linux distribution, run one of the following commands:
Read the End User License Agreement (EULA) and the Privacy Policy. The text is displayed in the command line window. Press the space bar to view the next text segment. Then, when prompted, enter the following values:
Enter y if you understand and accept the terms of the EULA. Enter n if you do not accept the terms of the EULA. To use Kaspersky Security Center Linux, you must accept the terms of the EULA.
Enter y if you understand and accept the terms of the Privacy Policy, and you agree that your data will be handled and transmitted (including to third countries) as described in the Privacy Policy. Enter n if you do not accept the terms of the Privacy Policy. To use Kaspersky Security Center Linux, you must accept the terms of the Privacy Policy.
Select Primary cluster node as an Administration Server installation mode.
When prompted, enter the following settings:
Enter the local path to the mount point of the state share.
Enter the local path to the mount point of the data share.
Choose a failover cluster connectivity mode: through a secondary network adapter or an external load balancer.
If you use a secondary network adapter, enter its name.
When you are prompted to enter the Administration Server DNS name or static IP address, enter the IP address of the secondary network adapter or the IP address of the external load balancer.
Enter the Administration Server SSL port number. By default, port 13000 is used.
Evaluate the approximate number of devices that you intend to manage:
If you have from 1 to 100 networked devices, enter 1.
If you have from 101 to 1000 networked devices, enter 2.
If you have more than 1000 networked devices, enter 3.
Enter the security group name for services. By default, the 'kladmins' group is used.
Enter the account name to start the Administration Server service. The account must be a member of the entered security group. By default, the 'ksc' account is used.
Enter the account name to start other services. The account must be a member of the entered security group. By default, the 'ksc' account is used.
Select the DBMS that you installed to work with Kaspersky Security Center Linux:
If you installed MySQL or MariaDB, enter 1.
If you installed PostgreSQL or Postgres Pro, enter 2.
Enter the DNS name or IP address of the device on which the database is installed.
Enter the database port number. This port is used to communicate with Administration Server. By default, the following ports are used:
Port 3306 for MySQL or MariaDB
Port 5432 for PostgreSQL or Postgres Pro
Enter the database name.
Enter the login of the database root account that you use to access the database.
Enter the password of the database root account that you use to access the database.
Wait for the services to be added and started automatically:
klnagent_srv
kladminserver_srv
klactprx_srv
klwebsrv_srv
Create an account that will act as an Administration Server administrator. Enter the user name and password. The user password cannot have less than 8 or more than 16 characters.
The user is added and Kaspersky Security Center Linux is installed on the primary node.
Installation on the secondary (passive) node
To install Kaspersky Security Center Linux on the secondary node:
Make sure that the device on which you want to install Kaspersky Security Center Linux is running one of the supported Linux distributions.
In the command line, run the commands provided in this instruction under an account with root privileges.
Run the Kaspersky Security Center Linux installation. Depending on your Linux distribution, run one of the following commands:
Read the End User License Agreement (EULA) and the Privacy Policy. The text is displayed in the command line window. Press the space bar to view the next text segment. Then, when prompted, enter the following values:
Enter y if you understand and accept the terms of the EULA. Enter n if you do not accept the terms of the EULA. To use Kaspersky Security Center Linux, you must accept the terms of the EULA.
Enter y if you understand and accept the terms of the Privacy Policy, and you agree that your data will be handled and transmitted (including to third countries) as described in the Privacy Policy. Enter n if you do not accept the terms of the Privacy Policy. To use Kaspersky Security Center Linux, you must accept the terms of the Privacy Policy.
Select Secondary cluster node as an Administration Server installation mode.
When prompted, enter the local path to the mount point of the state share.
Kaspersky Security Center Linux is installed on the secondary node.
Service verification
Use the following commands to check whether or not a service is running:
systemctl status klnagent_srv.service
systemctl status kladminserver_srv.service
systemctl status klactprx_srv.service
systemctl status klwebsrv_srv.service
Now, you can test the Kaspersky Security Center Linux failover cluster to make sure that you configured it correctly and that the cluster works properly.