A Kaspersky Security Center failover cluster provides high availability of Kaspersky Security Center and minimizes downtime of Administration Server in case of a failure. The failover cluster is based on two identical instances of Kaspersky Security Center installed on two computers. One of the instances works as an active node and the other one is a passive node. The active node manages protection of the client devices, while the passive one is prepared to take all of the functions of the active node in case the active node fails. When a failure occurs, the passive node becomes active and the active node becomes passive.
Hardware and software requirements
To deploy a Kaspersky Security Center failover cluster, you must have the following hardware:
Make sure you have provided high network bandwidth between the file server, and the active and passive nodes.
Deployment schemes
You can choose one of the following schemes to deploy Kaspersky Security Center failover cluster:
A scheme that uses a secondary network adapter
Scheme legend:
Administration Server sends data to the database. Open the necessary ports on the device where the database is located, for example, port 3306 for MySQL Server, or port 1433 for Microsoft SQL Server. Please refer to the DBMS documentation for the relevant information.
On the managed devices, open the following ports: TCP 13000, UDP 13000, and TCP 17000.
A scheme that uses a third-party load balancer
Scheme legend:
On the load balancer device, open all of the Administration Server ports: TCP 13000, UDP 13000, TCP 13291, TCP 13299, and TCP 17000.
On the managed devices, open the following ports: TCP 13000, UDP 13000, and TCP 17000.
Administration Server sends data to the database. Open the necessary ports on the device where the database is located, for example, port 3306 for MySQL Server, or port 1433 for Microsoft SQL Server. Please refer to the DBMS documentation for the relevant information.
Switch conditions
The failover cluster switches protection management of the client devices from the active node to the passive node if any of the following events occurs on the active node: