Kaspersky Anti Targeted Attack Platform

Deploying the Central Node and Sensor components as a cluster

A cluster must include at least 4 servers: 2 storage servers and 2 processing servers. You can use the Sizing Guide to determine the right number of servers for your organization.

Deployment of the Central Node and Sensor components in the form of a cluster includes the following steps:

  1. Deploying the first storage server

    The first step is to deploy the storage server. After the storage server is deployed, you can add additional storage and processing servers to the cluster.

  2. Deploying processing servers and additional storage servers

    You can deploy the servers in any order.

  3. Configuring the sizing settings of the application

    At the final stage of cluster deployment, you need to configure the scaling settings of the application: specify the planned volume of SPAN traffic, email traffic, the number of hosts with the Endpoint Agent component, as well as the size of the Storage and event database.

The Central Node component is always installed together with the Sensor component. If you need to use the Central Node component separately, when deploying the processing server, turn off receipt of mirrored traffic from SPAN ports at step 11.

If you have a cluster deployed on physical servers and want to add more hard drives to these servers or replace some of the existing drives and then reinstall the cluster, you must purge the drives previously allocated for the OSD (Object Storage Daemon) on the storage servers before installing components. Otherwise, the application is not guaranteed to work correctly. If you want to completely disconnect the drives and no longer plan to reconnect them to the server, purging the drives is not necessary.

When deploying a cluster on virtual servers, we strongly recommend against using the E1000 network adapter. If you select E1000 as the network adapter, the application displays the following error: "Error processing TAA rules. Try disabling some of the user rules." We recommend using the VMXNET 3 network adapter.

In this section

Deploying a storage server

Deploying the processing server

Purging hard drives on storage servers

Deploying a storage server

To deploy a data storage server, you need to run a disk image with the Central Node and Sensor components.

If an error occurred while performing the steps of the Setup Wizard, contact Technical Support.

Step 1. Selecting a server role

At this step of the wizard, you must select the role of the server. The following roles are available:

  • 1 (storage node).

    This role is for installing a storage server for deploying the Central Node component as a cluster.

  • 2 (computation node).

    This role is for installing a processing server for deploying the Central Node component as a cluster.

  • 3 (single mode (central node)).

    This role is for installing the Central Node and Sensor components on the same server.

  • 4 (sensor node).

    This role is for installing the Sensor component on a standalone server.

To select a server role:

  1. Enter one of the following numbers:
    • 1 if you want to install a storage server for deploying the Central Node component as a cluster.
    • 2 if you want to install a processing server for deploying the Central Node component as a cluster.

      The role also includes the installation and configuration of the Sensor component.

    • 3 if you want to install the Central Node and Sensor components on the same server.
    • 4 if you want to install the Sensor component on a standalone server.
  2. Press Enter.

The Setup Wizard proceeds to the next step.

Step 2. Selecting the deployment mode

At this step of the wizard, you must select the server deployment mode. The following deployment modes are available:

  • 1 (first node installation).

    This mode is used when deploying the first server in the cluster.

  • 2 (add extra node to the cluster).

    This mode is used when deploying a server that you want to add to an existing cluster.

To select a deployment mode:

  1. Enter one of the following numbers:
    • 1 to deploy the first server in the cluster.
    • 2 to deploy a server that you want to add to an existing cluster.
  2. Press Enter.

The Setup Wizard proceeds to the next step.

Step 3. Selecting a disk for installing the component

To select a disk for installing the component:

  1. Enter the number of the relevant disk.
  2. Press Enter.
  3. Do the following:
    • Enter y if you want to confirm the drive selection.
    • Enter n if you want to select a different drive.
  4. If you selected n, repeat steps 1-2 of these instructions.

The Setup Wizard proceeds to the next step.

Step 4. Viewing the End User License Agreement and Privacy Policy

To continue installation, you need to read the End User License Agreement and Privacy Policy and accept their terms. Installation will not continue until you accept the terms of the End User License Agreement and Privacy Policy.

To accept the terms of the End User License Agreement and Privacy Policy:

  1. Press Enter.
  2. Read the End User License Agreement and the Privacy Policy.

    To move up and down, you can use the keys: ↑ and ↓, PageUp and PageDown, or Enter.

  3. If you accept the End User License Agreement and the Privacy Policy, select I accept and press Enter.

The Setup Wizard proceeds to the next step.

Step 5. Selecting a network mask for cluster server addressing

We recommend using the default values.

The netmask must not match netmasks used in the organization's infrastructure.

To specify the network mask for cluster server addressing:

  • If you want to use the predefined value for the network mask, press Enter.

    Default value: 198.18.0.0/16.

  • If you want to specify a different network mask, enter the value and press Enter.

    The mask must match the template: x.x.0.0/16.

The Setup Wizard proceeds to the next step.

Step 6. Selecting a network mask for addressing of application components

At this step, you must specify the network mask for addressing the main application components (services) that will operate on servers with the Central Node component.

The network for application component addressing must not overlap with the network for cluster server addressing.

To specify the network mask for addressing the main components of the application:

  • If you want to use the predefined value for the network mask, press Enter.

    Default value: 198.19.0.0/16.

  • If you want to specify a different network mask, enter the value and press Enter.

    The mask must match the template: x.x.0.0/16.

The Setup Wizard proceeds to the next step.

Step 7. Selecting the cluster network interface

The cluster network interface is used for communication between cluster servers.

To select the cluster network interface:

  1. Select the row containing the network interface that is used for the internal network.

    To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.

  2. Press Enter.

The Setup Wizard proceeds to the next step.

Step 8. Selecting the external network interface

The external network interface is used for SSH access to the server, managing the web interface of Kaspersky Anti Targeted Attack Platform, and other external connections.

To select the external network interface:

  1. Select the row containing the network interface that is used for the external network.

    To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.

  2. Press Enter.

The Setup Wizard proceeds to the next step.

Step 9. Selecting the method of obtaining IP addresses for network interfaces

To select a method for obtaining an IP address for network interfaces:

  1. Select the row containing Configuration type: and press Enter.

    To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.

  2. In the opened window, select one of the following options:
    • dhcp.
    • static.
  3. If you selected static:
    1. Select the row containing the parameter and press the Enter key.
    2. In the opened window, enter the required data and press Enter twice.

      You need to specify a value for each parameter.

  4. Select the row containing Save.
  5. Press Enter.

The Setup Wizard proceeds to the next step.

Step 10. Creating an administrator account and authenticating the server in the cluster

During this step, you need to do one of the following:

Creating the administrator account

An administrator account is only required when deploying the first server in the cluster. If you are deploying an additional storage server, instead of opening a window that prompts you to create an administrator account, the application prompts you to authenticate the server in the cluster.

When deploying the first server in the cluster, you need to create an administrator account. This account is used to work in the web interface for sizing management, the application administrator menu, and to work in Technical Support Mode.

By default, the user name of the administrator account is admin. You must enter a password for that user account.

To enter a password for the administrator user account:

  1. In the password field, enter the password for the administrator account.

    To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.

  2. In the confirm field, enter the password again.
  3. Select Ok and press Enter.

The Setup Wizard proceeds to the next step.

Authenticating the server in the cluster

Authenticating a server in the cluster is only required when deploying additional storage servers. If you are deploying the first server in the cluster, the application prompts you to create an administrator account instead of authenticating the server.

To authenticate a server in the cluster, you need to enter the admin account password that was set when the first server in the cluster was deployed.

To authenticate a server in the cluster:

  1. In the password field, enter the password for the administrator account.
  2. Select Ok and press Enter.

    To select a button, you can use the ↑, ↓, PageUp, and PageDown keys.

The server in the cluster will be authenticated. The Setup Wizard proceeds to the next step.

Step 11. Adding DNS server addresses

Configure the DNS settings for the operation of servers with application components.

To add DNS server addresses:

  1. Enter the IP address of the primary DNS server in IPv4 format.

    You must enter at least one DNS server address.

  2. If you want to add the IP address of an additional DNS server, press Enter and enter the address of the server.
  3. Having added all DNS servers, press Enter twice.

The Setup Wizard proceeds to the next step.

Step 12. Selecting disks for the Ceph storage

Select the disks for the Ceph storage. The number of drives is determined according to the scaling guide.

To select disks for the Ceph storage:

  1. Select the row containing the required drive.

    To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.

  2. Press Enter.
  3. Repeat steps 1-2 to select the following drives.

The configuration will take some time. Then the installation is complete. You can proceed to the configuration of cluster servers in the web interface for sizing management.

Deploying the processing server

Step 1. Selecting a server role

At this step of the wizard, you must select the role of the server. The following roles are available:

  • 1 (storage node).

    This role is for installing a storage server for deploying the Central Node component as a cluster.

  • 2 (computation node).

    This role is for installing a processing server for deploying the Central Node component as a cluster.

  • 3 (single mode (central node)).

    This role is for installing the Central Node and Sensor components on the same server.

  • 4 (sensor node).

    This role is for installing the Sensor component on a standalone server.

To select a server role:

  1. Enter one of the following numbers:
    • 1 if you want to install a storage server for deploying the Central Node component as a cluster.
    • 2 if you want to install a processing server for deploying the Central Node component as a cluster.

      The role also includes the installation and configuration of the Sensor component.

    • 3 if you want to install the Central Node and Sensor components on the same server.
    • 4 if you want to install the Sensor component on a standalone server.
  2. Press Enter.

The Setup Wizard proceeds to the next step.

Step 2. Selecting the deployment mode

At this step of the wizard, you must select the server deployment mode. The following deployment modes are available:

  • 1 (first node installation).

    This mode is used when deploying the first server in the cluster.

  • 2 (add extra node to the cluster).

    This mode is used when deploying a server that you want to add to an existing cluster.

To select a deployment mode:

  1. Enter one of the following numbers:
    • 1 to deploy the first server in the cluster.
    • 2 to deploy a server that you want to add to an existing cluster.
  2. Press Enter.

The Setup Wizard proceeds to the next step.

Step 3. Selecting a disk for installing the component

To select a disk for installing the component:

  1. Enter the number of the relevant disk.
  2. Press Enter.
  3. Do the following:
    • Enter y if you want to confirm the drive selection.
    • Enter n if you want to select a different drive.
  4. If you selected n, repeat steps 1-2 of these instructions.

The Setup Wizard proceeds to the next step.

Step 4. Viewing the End User License Agreement and Privacy Policy

To continue installation, you need to read the End User License Agreement and Privacy Policy and accept their terms. Installation will not continue until you accept the terms of the End User License Agreement and Privacy Policy.

To accept the terms of the End User License Agreement and Privacy Policy:

  1. Press Enter.
  2. Read the End User License Agreement and the Privacy Policy.

    To move up and down, you can use the keys: ↑ and ↓, PageUp and PageDown, or Enter.

  3. If you accept the End User License Agreement and the Privacy Policy, select I accept and press Enter.

The Setup Wizard proceeds to the next step.

Step 5. Selecting a network mask for cluster server addressing

We recommend using the default values.

The netmask must not match netmasks used in the organization's infrastructure.

To specify the network mask for cluster server addressing:

  • If you want to use the predefined value for the network mask, press Enter.

    Default value: 198.18.0.0/16.

  • If you want to specify a different network mask, enter the value and press Enter.

    The mask must match the template: x.x.0.0/16.

The Setup Wizard proceeds to the next step.

Step 6. Selecting a network mask for addressing of application components

At this step, you must specify the network mask for addressing the main application components (services) that will operate on servers with the Central Node component.

The network for application component addressing must not overlap with the network for cluster server addressing.

To specify the network mask for addressing the main components of the application:

  • If you want to use the predefined value for the network mask, press Enter.

    Default value: 198.19.0.0/16.

  • If you want to specify a different network mask, enter the value and press Enter.

    The mask must match the template: x.x.0.0/16.

The Setup Wizard proceeds to the next step.
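The constraints from Step 5 and Step 6 (for both storage and processing servers) can be checked before running the wizard. The following is an added example, not part of the product or its documentation: the function names and the sample in-use networks are assumptions, and it treats any overlap with an in-use network as a conflict, which is a stricter reading of "must not match".

```python
import ipaddress
import re

# Template stated in Steps 5 and 6: x.x.0.0/16
TEMPLATE = re.compile(r"^\d{1,3}\.\d{1,3}\.0\.0/16$")

DEFAULT_CLUSTER_NET = "198.18.0.0/16"     # default value from Step 5
DEFAULT_COMPONENTS_NET = "198.19.0.0/16"  # default value from Step 6

# Constructed sample of networks already used in an organization.
SAMPLE_ORG_NETWORKS = ["10.0.0.0/8", "192.168.1.0/24", "2001:db8::/32"]


def parse_wizard_net(value):
    """Return an IPv4Network if value matches x.x.0.0/16, else raise ValueError."""
    value = value.strip()
    if not TEMPLATE.match(value):
        raise ValueError(f"{value!r} does not match the template x.x.0.0/16")
    # IPv4Network also rejects octets above 255 with a ValueError subclass.
    return ipaddress.IPv4Network(value)


def check_plan(cluster_net, components_net, org_networks):
    """Return a list of problems; an empty list means the plan is usable."""
    problems = []
    nets = {}
    for label, value in (("cluster", cluster_net), ("components", components_net)):
        try:
            nets[label] = parse_wizard_net(value)
        except ValueError as exc:
            problems.append(f"{label}: {exc}")

    # Step 6: the components network must not overlap the cluster network.
    if len(nets) == 2 and nets["cluster"].overlaps(nets["components"]):
        problems.append("cluster and components networks overlap")

    # Step 5: compare against networks already in use (overlap, not only equality).
    for org in org_networks:
        org_net = ipaddress.ip_network(org, strict=False)
        if org_net.version != 4:
            continue  # the wizard networks are IPv4 only
        for label, net in nets.items():
            if net.overlaps(org_net):
                problems.append(
                    f"{label} network {net} overlaps in-use network {org_net}"
                )
    return problems


if __name__ == "__main__":
    for problem in check_plan(DEFAULT_CLUSTER_NET, DEFAULT_COMPONENTS_NET,
                              SAMPLE_ORG_NETWORKS) or ["no conflicts found"]:
        print(problem)
```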

Step 7. Selecting the cluster network interface

The cluster network interface is used for communication between cluster servers.

To select the cluster network interface:

  1. Select the row containing the network interface that is used for the internal network.

    To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.

  2. Press Enter.

The Setup Wizard proceeds to the next step.

Step 8. Selecting the external network interface

The external network interface is used for SSH access to the server, managing the web interface of Kaspersky Anti Targeted Attack Platform, and other external connections.

To select the external network interface:

  1. Select the row containing the network interface that is used for the external network.

    To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.

  2. Press Enter.

The Setup Wizard proceeds to the next step.

Step 9. Selecting the method of obtaining IP addresses for network interfaces

To select a method for obtaining an IP address for network interfaces:

  1. Select the row containing Configuration type: and press Enter.

    To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.

  2. In the opened window, select one of the following options:
    • dhcp.
    • static.
  3. If you selected static:
    1. Select the row containing the parameter and press the Enter key.
    2. In the opened window, enter the required data and press Enter twice.

      You need to specify a value for each parameter.

  4. Select the row containing Save.
  5. Press Enter.

The Setup Wizard proceeds to the next step.

Step 10. Authenticating the server in the cluster

To authenticate a server in the cluster, you need to enter the admin account password that was set when the first server in the cluster was deployed.

To authenticate a server in the cluster:

  1. In the password field, enter the password for the administrator account.
  2. Select Ok and press Enter.

    To select a button, you can use the ↑, ↓, PageUp, and PageDown keys.

The server in the cluster will be authenticated. The Setup Wizard proceeds to the next step.

Step 11. Configuring receipt of mirrored traffic from SPAN ports

To turn on receipt of mirrored traffic from SPAN ports:

  1. Enter y.
  2. Press Enter.

The Setup Wizard proceeds to the next step.

To turn off receipt of mirrored traffic from SPAN ports:

  1. Enter n.
  2. Press Enter.

The Setup Wizard proceeds to the next step.

Step 12. Adding DNS server addresses

Configure the DNS settings for the operation of servers with application components.

To add DNS server addresses:

  1. Enter the IP address of the primary DNS server in IPv4 format.

    You must enter at least one DNS server address.

  2. If you want to add the IP address of an additional DNS server, press Enter and enter the address of the server.
  3. Having added all DNS servers, press Enter.

Installation is complete. You can proceed to the configuration of cluster servers in the web interface for sizing management.

Purging hard drives on storage servers

If you have a cluster deployed on servers and want to add more hard drives to these servers or replace some of the existing drives and then reinstall the cluster, you must purge the drives previously allocated for the OSD (Object Storage Daemon) on the storage servers before installing components. Otherwise, the application is not guaranteed to work correctly.

To purge the disks allocated for OSD on a live storage server:

  1. Sign in to the management console of the server where you want to purge the disks over SSH or through the terminal.
  2. Stop the OSD starter service by running sudo systemctl stop kata-osd-starter.service.
  3. Stop OSD containers by running sudo docker ps --filter name=osd -q | xargs docker stop.
  4. Get a list of OSD disks by running sudo ceph-volume --cluster ceph lvm list | grep devices.
  5. Purge these disks by running sudo ceph-volume lvm zap --destroy /dev/<disk name>.

    You must run this command for each drive that you got at step 4. For example: sudo ceph-volume lvm zap --destroy /dev/sda.

The OSD daemon is removed from the disks.
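Because step 5 destroys data on every disk it is run against, it helps to build the list of zap commands from the step 4 output and review it before anything is executed. The following dry-run planner is an added example, not a Kaspersky tool: the function names, the protected-disk guard, and the sample output (constructed, including the assumption that several devices on one line are comma-separated) are illustrative.

```python
import re

# Accept only plain device paths so nothing unexpected reaches a command line.
DEVICE_RE = re.compile(r"^/dev/[A-Za-z0-9_/-]+$")

# Constructed sample of: sudo ceph-volume --cluster ceph lvm list | grep devices
SAMPLE_GREP_OUTPUT = """\
      devices                   /dev/sdb
      devices                   /dev/sdc
      devices                   /dev/sdb
"""


def osd_devices(grep_output):
    """Return the unique device paths from the 'devices' lines, in order."""
    found = []
    for line in grep_output.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "devices":
            continue
        # Assumption: multiple devices on one line are comma-separated.
        for dev in fields[1].split(","):
            if not DEVICE_RE.match(dev):
                raise ValueError(f"unexpected device name: {dev!r}")
            if dev not in found:
                found.append(dev)
    return found


def zap_plan(grep_output, protected=()):
    """Build one zap command (as an argv list) per OSD disk.

    protected: disks that must never be purged, for example the disk chosen
    for installing the component. Raises ValueError if one of them appears.
    """
    devices = osd_devices(grep_output)
    blocked = [dev for dev in devices if dev in set(protected)]
    if blocked:
        raise ValueError(f"refusing to plan a purge of protected disks: {blocked}")
    return [["sudo", "ceph-volume", "lvm", "zap", "--destroy", dev]
            for dev in devices]


if __name__ == "__main__":
    # Dry run: print the commands for review instead of executing them.
    for argv in zap_plan(SAMPLE_GREP_OUTPUT, protected=["/dev/sda"]):
        print(" ".join(argv))
```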

If the server is not live, you must delete the information about volume groups from each disk allocated for the OSD.

To delete the information about volume groups from each disk allocated for the OSD on a non-live server:

  1. Start the server with the alternative operating system.
  2. Get group IDs for each disk allocated for the OSD using the sudo pvs command.

    This command outputs a table where PV are physical volumes, VG indicates logical group membership, Fmt indicates the volume format, and Size indicates the physical volume size.

  3. Remove the relevant volume groups by running sudo vgremove <volume group ID>.

Information about volume groups on disks allocated for OSD is deleted.
