About the Kaspersky Security Center failover cluster

A Kaspersky Security Center failover cluster provides high availability of Kaspersky Security Center and minimizes downtime of Administration Server in case of a failure. The failover cluster is based on two identical instances of Kaspersky Security Center installed on two computers. One of the instances works as an active node and the other one is a passive node. The active node manages protection of the client devices, while the passive one is prepared to take all of the functions of the active node in case the active node fails. When a failure occurs, the passive node becomes active and the active node becomes passive.

Hardware and software requirements

To deploy a Kaspersky Security Center failover cluster, you must have the following hardware:

Two computers with identical hardware and software. These computers will act as the active and passive nodes.
A file server that supports the CIFS/SMB protocol, version 2.0 or later. You must provide a dedicated computer that will act as a file server.
Make sure you have provided high network bandwidth between the file server, and the active and passive nodes.
A computer with Database Management System (DBMS).

Deployment schemes

You can choose one of the following schemes to deploy Kaspersky Security Center failover cluster:

A scheme that uses a secondary network adapter.
A scheme that uses a third-party load balancer.

A scheme that uses a secondary network adapter

Scheme legend:

Icon 1 on the deployment scheme Administration Server sends data to the database. Open the necessary ports on the device where the database is located, for example, port 3306 for MySQL Server, or port 1433 for Microsoft SQL Server. Please refer to the DBMS documentation for the relevant information.

Icon 2 on the deployment scheme On the managed devices, open the following ports: TCP 13000, UDP 13000, and TCP 17000.

A Kaspersky Security Center deployment scheme that includes a third-party load balancer.

A scheme that uses a third-party load balancer

Scheme legend:

Icon 1 on the deployment scheme On the load balancer device, open all of the Administration Server ports: TCP 13000, UDP 13000, TCP 13291, TCP 13299, and TCP 17000.

Icon 2 on the deployment scheme On the managed devices, open the following ports: TCP 13000, UDP 13000, and TCP 17000.

Icon 3 on the deployment scheme Administration Server sends data to the database. Open the necessary ports on the device where the database is located, for example, port 3306 for MySQL Server, or port 1433 for Microsoft SQL Server. Please refer to the DBMS documentation for the relevant information.

Switch conditions

The failover cluster switches protection management of the client devices from the active node to the passive node if any of the following events occurs on the active node:

The active node is broken due to a software or hardware failure.
The active node was temporarily stopped for maintenance activities.
At least one of the Kaspersky Security Center services (or processes) failed or was deliberately terminated by user. The Kaspersky Security Center services are the following ones: kladminserver, klnagent, klactprx, and klwebsrv.
The network connection between the active node and the storage on the file server was interrupted or terminated.