Scenario: Deployment of Kaspersky Security Center Linux failover cluster
A Kaspersky Security Center Linux failover cluster provides high availability of Kaspersky Security Center Linux and minimizes downtime of Administration Server in case of a failure. The failover cluster is based on two identical instances of Kaspersky Security Center Linux installed on two computers. One of the instances works as an active node and the other one is a passive node. The active node manages protection of the client devices, while the passive one is prepared to take all of the functions of the active node in case the active node fails. When a failure occurs, the passive node becomes active and the active node becomes passive.
Prerequisites
You have the hardware that meets the requirements for the failover cluster.
Kaspersky applications deployment proceeds in stages:
- Creating accounts for Kaspersky Security Center Linux services
Perform the following steps on the active node, passive node, and the file server:
- Create a domain group with the name 'kladmins' and assign the same GID to all three groups.
- Create a user account with the name 'ksc' and assign the same UID to all three user accounts. Set the primary group to 'kladmins' for the created accounts.
- Create a user account with the name 'rightless' and assign the same UID to all three user accounts. Set the primary group to 'kladmins' for the created accounts.
- File server preparation
Prepare the file server to work as a component of Kaspersky Security Center Linux failover cluster. Make sure that the file server meets the hardware and software requirements, create two shared folders for Kaspersky Security Center Linux data, and configure permissions to access the shared folders.
How-to instructions: Preparing a file server for Kaspersky Security Center Linux failover cluster
- Preparation of active and passive nodes
Prepare two computers with identical hardware and software to work as an active and passive nodes.
How-to instructions: Preparing nodes for Kaspersky Security Center Linux failover cluster
- Database Management System (DBMS) installation
You have two options:
- If you want to use MariaDB Galera Cluster, you do not need a dedicated computer for DBMS. Install MariaDB Galera Cluster on each of the nodes.
- If you want to use any other supported DBMS, install the selected DBMS on a dedicated computer.
- Kaspersky Security Center Linux installation
Install Kaspersky Security Center Linux in the failover cluster mode on both nodes. You must first install Kaspersky Security Center Linux on the active node, and then install it on the passive one.
Additionally, you can install Kaspersky Security Center Web Console on a separate device that is not a cluster node.
- Testing the failover cluster
Check that you configured the failover cluster correctly and it works properly. For example, you can stop one of the Kaspersky Security Center Linux services on the active node: kladminserver, klnagent, ksnproxy, klactprx, or klwebsrv. After the service stopped, the protection management must be automatically switched to the passive node.
Results
Kaspersky Security Center Linux failover cluster is deployed. Please be acquainted with the events that lead to the switch between the active and passive nodes.
