Scenario: Deployment of a Kaspersky Security Center failover cluster
Dec 4, 2023
A Kaspersky Security Center failover cluster provides high availability of Kaspersky Security Center and minimizes downtime of Administration Server in case of a failure. The failover cluster is based on two identical instances of Kaspersky Security Center installed on two computers. One of the instances works as an active node and the other one is a passive node. The active node manages protection of the client devices, while the passive one is prepared to take all of the functions of the active node in case the active node fails. When a failure occurs, the passive node becomes active and the active node becomes passive.
You have hardware that meets the requirements for the failover cluster.
Kaspersky applications deployment proceeds in stages:
- Creating an account for Kaspersky Security Center services
Create a new domain group (in this scenario the name 'KLAdmins' is used for this group), and then grant the local administrator's permissions to the group on both nodes and on the file server. Then create two new domain user accounts, (in this scenario the names 'ksc' and 'rightless' are used for these accounts), and add the accounts to the KLAdmins domain group.
Add the user account, under which Kaspersky Security Center will be installed, to the previously created KLAdmins domain group.
- File server preparation
Prepare the file server to work as a component of the Kaspersky Security Center failover cluster. Make sure that the file server meets the hardware and software requirements, create two shared folders for Kaspersky Security Center data, and configure permissions to access the shared folders.
How-to instructions: Preparing a file server for the Kaspersky Security Center failover cluster
- Preparation of active and passive nodes
Prepare two computers with identical hardware and software to work as the active and passive nodes.
How-to instructions: Preparing nodes for the Kaspersky Security Center failover cluster
- Database Management System (DBMS) installation
- Kaspersky Security Center installation
Install Kaspersky Security Center in the failover cluster mode on both nodes. You must first install Kaspersky Security Center on the active node, and then install it on the passive one.
Additionally, you can install Kaspersky Security Center Web Console on a separate device that is not a cluster node.
- Testing the failover cluster
Check that you configured the failover cluster correctly and that it works properly. For example, you can stop one of the Kaspersky Security Center services on the active node: kladminserver, klnagent, ksnproxy, klactprx, or klwebsrv. After the service is stopped, the protection management must be automatically switched to the passive node.
The Kaspersky Security Center failover cluster is deployed. Please familiarize yourself with the events that lead to the switch between the active and passive nodes.