Installing Kaspersky Security Center Linux on the Kaspersky Security Center Linux failover cluster nodes

Before continuing, ensure that you completed the previous steps in the Scenario: Deployment of Kaspersky failover cluster.

This procedure describes how to install Kaspersky Security Center Linux on the nodes of the Kaspersky Security Center Linux failover cluster. Kaspersky Security Center Linux is installed on both nodes of the Kaspersky Security Center Linux failover cluster separately. First, you install the application on the active node, then on the passive one. When installing, you choose which node will be active and which will be passive.

Use the installation file that corresponds to the Linux distribution installed on your device:

• ksc64_[version_number]_amd64.deb

  or

• ksc64-[version_number].x86_64.rpm

You receive the installation file by downloading it from the Kaspersky website.

If you use RED OS version 7.3.4 or newer or MSVSPHERE version 9.2 or newer, you have to install the libxcrypt-compat package on both nodes.

Installation on the active node

To install Kaspersky Security Center Linux on the active node:

1. Make sure that the device on which you want to install Kaspersky Security Center Linux is running one of the supported Linux distributions.
2. If you use a secondary network adapter, enter its name when prompted. You can enter the following command to display all network interfaces:

   ip addr

3. Run the Kaspersky Security Center Linux installation. Depending on your Linux distribution, run one of the following commands:
   • sudo apt install /<path>/ksc64_[version_number]_amd64.deb
   • sudo yum install /<path>/ksc64-[version_number].x86_64.rpm -y
4. Run the Kaspersky Security Center Linux configuration:

   sudo /opt/kaspersky/ksc64/lib/bin/setup/postinstall.pl

5. Read the End User License Agreement (EULA) and the Privacy Policy. The text is displayed in the command line window. Press the space bar to view the next text segment. Then, when prompted, enter the following values:
   1. Enter y if you understand and accept the terms of the EULA. Enter n if you do not accept the terms of the EULA. To use Kaspersky Security Center Linux, you must accept the terms of the EULA.
   2. Enter y if you understand and accept the terms of the Privacy Policy, and you agree that your data will be handled and transmitted (including to third countries) as described in the Privacy Policy. Enter n if you do not accept the terms of the Privacy Policy. To use Kaspersky Security Center Linux, you must accept the terms of the Privacy Policy.
6. Select Primary cluster node as an Administration Server installation mode.
7. When prompted, specify the following settings:
   1. Enter the local path to the mount point of the state share: /mnt/KlFocStateShare
   2. Enter the local path to the mount point of the data share: /mnt/KlFocDataShare_klfoc
   3. Choose a failover cluster connectivity mode: through a secondary network adapter or an external load balancer.
   4. If you use a secondary network adapter, enter its name.
   5. Enter the IP address of the secondary network adapter or the IP address of the external load balancer.
   6. Enter the Administration Server SSL port number. By default, port 13000 is used.
   7. Evaluate the approximate number of devices that you intend to manage:
      • If you have from 1 to 100 managed devices, enter 1.
      • If you have from 101 to 1000 managed devices, enter 2.
      • If you have more than 1000 managed devices, enter 3.

      This setting is used for automatically randomized delay of task starts to optimize network load. The list below shows the interval within which the delay is calculated:

      • 1 to 100 managed devices, value 1. Delay is not used.
      • 101 to 1000 managed devices, value 2. Delay is 5 minutes.
      • More than 1000 managed devices, value 3. Delay is 10 minutes.
   8. Enter the security group name for services. By default, the kladmins group is used.
   9. Enter the account name to start the Administration Server service. The account must be a member of the entered security group. By default, the ksc account is used.
   10. Enter the account name to start other services. The account must be a member of the entered security group. By default, the ksc account is used.
   11. Select the DBMS that you installed to work with Kaspersky Security Center Linux:
       • If you installed MySQL or MariaDB, enter 1.
       • If you installed PostgreSQL or Postgres Pro, enter 2.
   12. Enter the DNS name or IP address of the device on which the database is installed.
   13. Enter the database port number. This port is used to communicate with Administration Server. By default, the following ports are used:
       • Port 3306 for MySQL or MariaDB
       • Port 5432 for PostgreSQL or Postgres Pro
   14. Enter the database name.
   15. Enter the login of the database root account that you use to access the database.
   16. Enter the password of the database root account that you use to access the database.
   17. Enter the IAM Server FQDN.
   18. Enter the account name to start the IAM service. The account must be a member of the entered security group. By default, the ksciam account is used.
   19. Select the DBMS that you installed to work with the IAM service:
       • If you installed MySQL or MariaDB, enter 1.
       • If you installed PostgreSQL or Postgres Pro, enter 2.
   20. Enter the IAM DBMS address to be used by the IAM service.
   21. Enter the IAM DBMS port number. This port is used to communicate with IAM service. By default, the following ports are used:
       • Port 3306 for MySQL or MariaDB
       • Port 5432 for PostgreSQL or Postgres Pro
   22. Enter the IAM database name to be used by the IAM service. The name of the database used by IAM service should be different from database used by the Administration Server.
   23. Enter the login of the database account that you use to access the IAM database.
   24. Enter the password of the database account that you use to access the IAM database.
8. Wait for the services to be added and started automatically:
   • klfocsvc_klfoc
   • kladminserver_klfoc
   • klwebsrv_klfoc
   • klactprx_klfoc
   • klnagent_klfoc
   • kliam_klfoc
9. Create an account that will act as an Administration Server administrator. Enter the user name and password. The user password cannot have less than 8 or more than 256 characters.

   If you skip this step, you can create the account later by running the following command:

   /opt/kaspersky/ksc64/sbin/kladduser -n ksc -p <password>

The user is added and Kaspersky Security Center Linux is installed on the primary node.

Installation on the secondary (passive) node

To install Kaspersky Security Center Linux on the secondary node:

1. Make sure that the device on which you want to install Kaspersky Security Center Linux is running one of the supported Linux distributions.
2. Run the Kaspersky Security Center Linux installation. Depending on your Linux distribution, run one of the following commands:
   • sudo apt install /<path>/ksc64_[version_number]_amd64.deb
   • sudo yum install /<path>/ksc64-[version_number].x86_64.rpm -y
3. Run the Kaspersky Security Center Linux configuration:

   sudo /opt/kaspersky/ksc64/lib/bin/setup/postinstall.pl

4. Read the End User License Agreement (EULA) and the Privacy Policy. The text is displayed in the command line window. Press the space bar to view the next text segment. Then, when prompted, enter the following values:
   1. Enter y if you understand and accept the terms of the EULA. Enter n if you do not accept the terms of the EULA. To use Kaspersky Security Center Linux, you must accept the terms of the EULA.
   2. Enter y if you understand and accept the terms of the Privacy Policy, and you agree that your data will be handled and transmitted (including to third countries) as described in the Privacy Policy. Enter n if you do not accept the terms of the Privacy Policy. To use Kaspersky Security Center Linux, you must accept the terms of the Privacy Policy.
5. Select Secondary cluster node as an Administration Server installation mode.
6. When prompted, enter the local path to the mount point of the state share: /mnt/KlFocStateShare

Kaspersky Security Center Linux is installed on the secondary node.

Service verification

Use the following command to verify that failover cluster management service is in status Active: active (running):

systemctl status klfocsvc_klfoc

Use the following commands to verify that other failover cluster services are in status Active: inactive (dead):

• systemctl status klnagent_klfoc
• systemctl status kladminserver_klfoc
• systemctl status klactprx_klfoc
• systemctl status klwebsrv_klfoc
• systemctl status kliam_klfoc

Now, you can test the Kaspersky Security Center Linux failover cluster to make sure that you configured it correctly and that the cluster works properly.

Page top