Preparing nodes for a Kaspersky Security Center Linux failover cluster

Before continuing, ensure that you completed the previous steps in the Scenario: Deployment of Kaspersky failover cluster.

Prepare two devices to work as the active and passive nodes of the Kaspersky Security Center Linux failover cluster.

Common folders configuration

  1. Depending on your Linux distribution, install either nfs-utils package or nfs-kernel-server package on each node by running the corresponding command:

    sudo yum install nfs-utils

    sudo apt install nfs-kernel-server

  2. Create mount points by running the following commands:

    sudo mkdir -p /mnt/KlFocStateShare

    sudo mkdir -p /mnt/KlFocDataShare_klfoc

  3. Match the mount points and the shared folders:

    sudo sh -c "echo {file server}:/mnt/KlFocStateShare /mnt/KlFocStateShare nfs vers=4,soft,timeo=50,retrans=2,auto,user,rw 0 0 >> /etc/fstab"

    sudo sh -c "echo {file server}:/mnt/KlFocDataShare_klfoc /mnt/KlFocDataShare_klfoc nfs vers=4,noauto,user,rw,exec 0 0 >> /etc/fstab"

    Here, {file server} is the FQDN of the file server with shared folders.

  4. Mount the shared folders by running the following commands:

    mount /mnt/KlFocStateShare

    mount /mnt/KlFocDataShare_klfoc

  5. Ensure that the permissions to access the shared folders belong to ksc:kladmins.

    Run the following command:

    sudo ls -la /mnt/

Network adapters configuration

A secondary network adapter can be physical or virtual. If you chose a deployment schema with a secondary network adapter, perform the corresponding procedure on both nodes:

Load balancer configuration

If you chose a deployment schema with a load balancer, perform the following steps:

  1. Prepare a dedicated Linux-based device with nginx or another load balancer installed.
  2. Configure load balancing. Set the active node as the main server, and the passive node as a backup server.
  3. On the nginx server, open all of the Administration Server ports according to the following article: Ports used by Kaspersky Security Center Linux.

To deploy Kaspersky Security Center Linux failover cluster, follow the further instructions of the scenario.

The availability of the failover cluster nodes should be determined by the availability of the main connection ports to the Administration Server. The passive node does not accept any external connections until a switch occurs.

See also:

About Kaspersky Security Center Linux failover cluster

Scenario: Deployment of Kaspersky Security Center Linux failover cluster

Ports used by Kaspersky Security Center Linux

Page top