Contents
- Deploying the Central Node and Sensor components as a cluster
- Deploying a storage server
- Step 1. Viewing the End User License Agreement and Privacy Policy
- Step 2. Selecting a server role
- Step 3. Selecting the deployment mode
- Step 4. Selecting a disk for installing the component
- Step 5. Selecting a network mask for server addressing
- Step 6. Selecting a network mask for addressing of application components
- Step 7. Selecting the cluster network interface
- Step 8. Selecting the external network interface
- Step 9. Selecting the method of obtaining IP addresses for network interfaces
- Step 10. Creating an administrator account and authenticating the server in the cluster
- Step 11. Adding DNS server addresses
- Step 12. Configuring time synchronization with an NTP server
- Step 13. Selecting disks for the Ceph storage
- Deploying the processing server
- Step 1. Viewing the End User License Agreement and Privacy Policy
- Step 2. Selecting a server role
- Step 3. Selecting a disk for installing the component
- Step 4. Selecting a network mask for cluster server addressing
- Step 5. Selecting a network mask for addressing of application components
- Step 6. Selecting the cluster network interface
- Step 7. Selecting the external network interface
- Step 8. Selecting the method of obtaining IP addresses for network interfaces
- Step 9. Authenticating the server in the cluster
- Step 10. Configuring receipt of mirrored traffic from SPAN ports
- Purging hard drives on storage servers
Deploying the Central Node and Sensor components as a cluster
A cluster must include at least 4 servers: 2 storage servers and 2 processing servers. You can use the Sizing Guide to determine the right number of servers for your organization.
Deployment of the Central Node and Sensor components in the form of a cluster includes the following steps:
- Deploying the first storage server
The first step is to deploy the storage server. After the storage server is deployed, you can add additional storage and processing servers to the cluster.
- Deploying processing servers and additional storage servers
You can deploy the servers in any order.
- Configuring the sizing settings of the application
At the final stage of cluster deployment, you need to configure the scaling settings of the application: specify the planned volume of SPAN traffic, email traffic, the number of hosts with the Endpoint Agent component, as well as the size of the Storage and event database.
The Central Node component is always installed together with the Sensor component. If you need to use the Central Node component separately, when deploying the processing server, turn off receipt of mirrored traffic from SPAN ports at step 11.
If you have a cluster deployed on physical servers and want to add more hard drives to these servers or replace some of the existing drives and then reinstall the cluster, you must purge the drives previously allocated for the OSD (Object Storage Daemon) on the storage servers before installing components. Otherwise, the application is not guaranteed to work correctly. If you want to completely disconnect the drives and no longer plan to reconnect them to the server, purging the drives is not necessary.
Deploying a storage server
To deploy a data storage server, you need to run a disk image with the Central Node and Sensor components.
If an error occurred while performing the steps of the Setup Wizard, contact Technical Support.
Step 1. Viewing the End User License Agreement and Privacy Policy
To continue the installation, you must read the End User License Agreement and Privacy Policy and accept their terms and conditions. Installation will not continue until you accept the terms of the End User License Agreement and Privacy Policy.
To accept the terms and conditions of the End User License Agreement and the Privacy Policy when installing the components based on the Ubuntu operating system:
- Select the language for viewing the End User License Agreement and Privacy Policy of AO Kaspersky Lab in the list and press Enter.
This opens a window with the text of the AO Kaspersky Lab End User License Agreement.
- Read the AO Kaspersky Lab End User License Agreement.
To move up and down, you can use the keys: ↑, ↓, PageUp, and PageDown.
- If you accept the AO Kaspersky Lab End User License Agreement, select the I accept button and press Enter.
This opens a window with the text of the AO Kaspersky Lab Privacy Policy.
- Read the AO Kaspersky Lab Privacy Policy.
- If you accept the terms and conditions of the AO Kaspersky Lab Privacy Policy, select the I accept button and press Enter.
The Setup Wizard proceeds to the next step.
To accept the terms and conditions of the End User License Agreement and the Privacy Policy when installing the components based on the Astra Linux operating system:
- Select the language for viewing the End User License Agreement for Astra Linux operating systems from the list by pressing the F1 key and press Enter.
This opens a window with the text of the Astra Linux End User License Agreement.
- Read the End User License Agreement of the Astra Linux operating systems.
To move up and down, you can use the keys: ↑, ↓, PageUp, and PageDown.
- If you accept the terms and conditions of the End User License Agreement of Astra Linux operating systems, select Yes and press Enter.
This opens a window in which you can select the language for viewing the AO Kaspersky Lab End User License Agreement and Privacy Policy.
- Select the language for viewing the AO Kaspersky Lab End User License Agreement and Privacy Policy in the list and press Enter.
This opens a window with the text of the AO Kaspersky Lab End User License Agreement.
- Read the AO Kaspersky Lab End User License Agreement.
To move up and down, you can use the keys: ↑, ↓, PageUp, and PageDown.
- If you accept the terms and conditions of the AO Kaspersky Lab End User License Agreement, select the I accept button and press Enter.
This opens a window with the text of the AO Kaspersky Lab Privacy Policy.
- Read the AO Kaspersky Lab Privacy Policy.
- If you accept the terms and conditions of the AO Kaspersky Lab Privacy Policy, select the I accept button and press Enter.
The Setup Wizard proceeds to the next step.
Step 2. Selecting a server role
To select a server role:
- Select one of the following options:
- storage.
This role is for installing a storage server for deploying the Central Node component as a cluster.
- processing.
This role is for installing a processing server for deploying the Central Node component as a cluster.
The role also includes the installation and configuration of the Sensor component.
- single.
This role is for installing the Central Node and Sensor components on the same server.
- sensor.
This role is for installing the Sensor component on a standalone server.
- Press Enter.
The Setup Wizard proceeds to the next step.
Step 3. Selecting the deployment mode
To select a deployment mode:
- Select one of the following options:
- First node installation.
Select this value when deploying the first server in the cluster.
- Add extra node to the cluster.
Select this value when deploying a server that will be added to an existing cluster.
- Press Enter.
The Setup Wizard proceeds to the next step.
Step 4. Selecting a disk for installing the component
You need at least 150 GB of disk space. If less than 150 GB of disk space is available, the installation finishes with an error.
To select a disk for installing the component:
- Select one of the suggested drives for installing the component and press Enter.
The confirmation window is displayed.
- Select Yes and press Enter.
The Setup Wizard proceeds to the next step.
Step 5. Selecting a network mask for server addressing
We recommend using the default value.
The netmask may not match netmasks used in the organization's infrastructure.
To specify the network mask for server addressing:
- If you want to use the predefined value for the network mask, select the Ok button and press Enter.
Default value: 198.18.0.0/16.
- If you want to specify a different network mask, in the Subnet field, enter your value, select the Ok button, and press Enter.
The mask must match the template: x.x.0.0/16.
The Setup Wizard proceeds to the next step.
Step 6. Selecting a network mask for addressing of application components
We recommend using the default value.
The network for application component addressing must not overlap with the network for cluster server addressing.
To specify the network mask for addressing the main components of the application:
- If you want to use the predefined value for the network mask, select the Ok button and press Enter.
Default value: 198.19.0.0/16.
- If you want to specify a different network mask, in the Bridge/overlay subnets field, enter your value, select the Ok button, and press Enter.
The mask must match the template: x.x.0.0/16.
The Setup Wizard proceeds to the next step.
Step 7. Selecting the cluster network interface
The cluster network interface is used for communication between cluster servers.
To select the cluster network interface:
- Select the row containing the network interface that is used for the internal network.
To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.
- Press Enter.
The Setup Wizard proceeds to the next step.
Step 8. Selecting the external network interface
The external network interface is used for SSH access to the server, managing the web interface of Kaspersky Anti Targeted Attack Platform, and other external connections.
To select the external network interface:
- Select the row containing the network interface that is used for the external network.
To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.
- Press Enter.
The Setup Wizard proceeds to the next step.
Step 9. Selecting the method of obtaining IP addresses for network interfaces
To select a method for obtaining an IP address for network interfaces:
- Select the row containing the Configuration type: and press Enter.
To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.
- In the opened window, select one of the following options:
- dhcp.
- static.
- If you selected static:
- Select the row containing the parameter and press the Enter key.
- In the opened window, enter the required data and press Enter twice.
You need to specify a value for each parameter.
- Select the row containing Save.
- Press Enter.
The Setup Wizard proceeds to the next step.
Step 10. Creating an administrator account and authenticating the server in the cluster
During this step, you need to do one of the following:
- Create an administrator account if you are deploying the first server in the cluster.
- Authenticate a server in the cluster if you are deploying additional storage servers.
Creating the administrator account
An administrator account is only required when deploying the first server in the cluster. If you are deploying an additional storage server, instead of opening a window that prompts you to create an administrator account, the application prompts you to authenticate the server in the cluster.
When deploying the first server in the cluster, you need to create an administrator account. This account is used to work in the web interface for sizing management, the application administrator menu, and to work in Technical Support Mode.
By default, the user name of the administrator account is admin. You must enter a password for that user account.
To enter a password for the administrator user account:
- In the window that opens, in the min length field, enter the minimum password length. You must enter a value of 8 or greater.
- Select Ok and press Enter.
This opens the password creation window.
- In that window, in the password field, enter the password for the administrator account.
To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.
- In the confirm field, enter the password again.
- Select Ok and press Enter.
The Setup Wizard proceeds to the next step.
Authenticating the server in the cluster
Authenticating a server in the cluster is only required when deploying additional storage servers. If you are deploying the first server in the cluster, the application prompts you to create an administrator account instead of authenticating the server.
To authenticate a server in the cluster, you need to enter the admin account password that was set when the first server in the cluster was deployed.
To authenticate a server in the cluster:
- In the password field, enter the password for the administrator account.
- Select Ok and press Enter.
To select a button, you can use the ↑, ↓, PageUp, and PageDown keys.
The server in the cluster will be authenticated. The Setup Wizard proceeds to the next step.
Step 11. Adding DNS server addresses
This step is available if you are deploying the first server in the cluster.
Configure the DNS settings for the operation of servers with application components.
To add DNS server addresses:
- Select the Add field and press Enter.
- Enter the IP address of the DNS server in the IPv4 format.
- If you want to add the IP address of an additional DNS server, select the Add field, press Enter and enter the address of the server.
- Having added all DNS servers, select the Continue field and press Enter.
The Setup Wizard proceeds to the next step.
Step 12. Configuring time synchronization with an NTP server
This step is available if you are deploying the first server in the cluster.
Configure synchronization of the server time with the NTP server.
- Select the Add field and press Enter.
- Enter the IP address or name of the NTP server.
- If you want to add the IP address or name of an additional NTP server, select the Add field, press Enter, and enter the IP address or name of the NTP server.
- Having added all NTP servers, select the Continue field and press Enter.
The Setup Wizard proceeds to the next step.
Step 13. Selecting disks for the Ceph storage
Select the disks for the Ceph storage. The number of drives is determined according to the scaling guide.
To select disks for the Ceph storage:
- Select the row containing the required drive.
To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.
- Press Enter.
- Repeat steps 1 to 2 to select more drives if you want to select multiple drives.
- Select the Apply and finish field and press Enter.
The confirmation window is displayed.
- Select Yes and press Enter.
The configuration may take some time. Then the installation is complete. You can proceed to the configuration of cluster servers in the web interface for sizing management.
Deploying the processing server
To deploy a processing server, you need to run a disk image with the Central Node and Sensor components.
If an error occurred while performing the steps of the Setup Wizard, contact Technical Support.
Step 1. Viewing the End User License Agreement and Privacy Policy
To continue the installation, you must read the End User License Agreement and Privacy Policy and accept their terms and conditions. Installation will not continue until you accept the terms of the End User License Agreement and Privacy Policy.
To accept the terms and conditions of the End User License Agreement and the Privacy Policy when installing the components based on the Ubuntu operating system:
- Select the language for viewing the End User License Agreement and Privacy Policy of AO Kaspersky Lab in the list and press Enter.
This opens a window with the text of the AO Kaspersky Lab End User License Agreement.
- Read the AO Kaspersky Lab End User License Agreement.
To move up and down, you can use the keys: ↑, ↓, PageUp, and PageDown.
- If you accept the AO Kaspersky Lab End User License Agreement, select the I accept button and press Enter.
This opens a window with the text of the AO Kaspersky Lab Privacy Policy.
- Read the AO Kaspersky Lab Privacy Policy.
- If you accept the terms and conditions of the AO Kaspersky Lab Privacy Policy, select the I accept button and press Enter.
The Setup Wizard proceeds to the next step.
To accept the terms and conditions of the End User License Agreement and the Privacy Policy when installing the components based on the Astra Linux operating system:
- Select the language for viewing the End User License Agreement for Astra Linux operating systems from the list by pressing the F1 key and press Enter.
This opens a window with the text of the Astra Linux End User License Agreement.
- Read the End User License Agreement of the Astra Linux operating systems.
To move up and down, you can use the keys: ↑, ↓, PageUp, and PageDown.
- If you accept the terms and conditions of the End User License Agreement of Astra Linux operating systems, select Yes and press Enter.
This opens a window in which you can select the language for viewing the AO Kaspersky Lab End User License Agreement and Privacy Policy.
- Select the language for viewing the AO Kaspersky Lab End User License Agreement and Privacy Policy in the list and press Enter.
This opens a window with the text of the AO Kaspersky Lab End User License Agreement.
- Read the AO Kaspersky Lab End User License Agreement.
To move up and down, you can use the keys: ↑, ↓, PageUp, and PageDown.
- If you accept the terms and conditions of the AO Kaspersky Lab End User License Agreement, select the I accept button and press Enter.
This opens a window with the text of the AO Kaspersky Lab Privacy Policy.
- Read the AO Kaspersky Lab Privacy Policy.
- If you accept the terms and conditions of the AO Kaspersky Lab Privacy Policy, select the I accept button and press Enter.
The Setup Wizard proceeds to the next step.
Step 2. Selecting a server role
To select a server role:
- Select one of the following options:
- storage.
This role is for installing a storage server for deploying the Central Node component as a cluster.
- processing.
This role is for installing a processing server for deploying the Central Node component as a cluster.
The role also includes the installation and configuration of the Sensor component.
- single.
This role is for installing the Central Node and Sensor components on the same server.
- sensor.
This role is for installing the Sensor component on a standalone server.
- Press Enter.
The Setup Wizard proceeds to the next step.
Step 3. Selecting a disk for installing the component
You need at least 150 GB of disk space. If less than 150 GB of disk space is available, the installation finishes with an error.
To select a disk for installing the component:
- Select one of the suggested drives for installing the component and press Enter.
The confirmation window is displayed.
- Select Yes and press Enter.
The Setup Wizard proceeds to the next step.
Step 4. Selecting a network mask for cluster server addressing
We recommend using the default value.
The netmask may not match netmasks used in the organization's infrastructure.
To specify the network mask for cluster server addressing:
- If you want to use the predefined value for the network mask, select the Ok button and press Enter.
Default value: 198.18.0.0/16.
- If you want to specify a different network mask, in the Subnet field, enter your value, select the Ok button, and press Enter.
The mask must match the template: x.x.0.0/16.
The Setup Wizard proceeds to the next step.
Step 5. Selecting a network mask for addressing of application components
We recommend using the default value.
The network for application component addressing must not overlap with the network for cluster server addressing.
To specify the network mask for addressing the main components of the application:
- If you want to use the predefined value for the network mask, select the Ok button and press Enter.
Default value: 198.19.0.0/16.
- If you want to specify a different network mask, in the Bridge/overlay subnets field, enter your value, select the Ok button, and press Enter.
The mask must match the template: x.x.0.0/16.
The Setup Wizard proceeds to the next step.
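The two subnet rules from the storage-server and processing-server steps (the x.x.0.0/16 template, and no overlap between the server network and the component network) can be checked before values are typed into the wizard. The following is an added example, not part of the vendor documentation: the function names and the organization networks are assumptions, and it additionally reports overlap with any organization network you list.

```sh
#!/bin/sh
# Added example (not vendor code): pre-check the two /16 subnets for the Setup Wizard.

# Print "start end" as integers for an IPv4 CIDR; fail if it is malformed.
cidr_range() {
    echo "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        { for (i = 1; i <= 5; i++) if ($i !~ /^(0|[1-9][0-9]*)$/) exit 1
          for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1
          size = 2 ^ (32 - $5)
          ip = (($1 * 256 + $2) * 256 + $3) * 256 + $4
          start = ip - (ip % size)
          printf "%.0f %.0f\n", start, start + size - 1 }'
}

# True if the value fits the wizard's template x.x.0.0/16.
matches_template() {
    case "$1" in
        *.*.0.0/16) cidr_range "$1" >/dev/null ;;
        *) return 1 ;;
    esac
}

# Returns 0 if the two networks share any address, 1 if not, 2 on a parse error.
nets_overlap() {
    a=$(cidr_range "$1") || return 2
    b=$(cidr_range "$2") || return 2
    echo "$a $b" | awk '{ exit !($1 <= $4 && $3 <= $2) }'
}

# check_plan SERVER_NET COMPONENT_NET [ORG_NET...]
# Prints one line per problem and returns 1 if any problem was found.
check_plan() {
    server=$1; component=$2; shift 2; rc=0
    for n in "$server" "$component"; do
        matches_template "$n" || { echo "$n does not match x.x.0.0/16"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1
    if nets_overlap "$server" "$component"; then
        echo "$server overlaps $component"; rc=1
    fi
    for org in "$@"; do
        for n in "$server" "$component"; do
            st=0; nets_overlap "$n" "$org" || st=$?
            case $st in
                0) echo "$n overlaps organization network $org"; rc=1 ;;
                2) echo "cannot parse $org"; rc=1 ;;
            esac
        done
    done
    return $rc
}

# Constructed scenario: the wizard defaults against two made-up organization networks.
check_plan 198.18.0.0/16 198.19.0.0/16 10.0.0.0/8 192.168.0.0/16 && echo "defaults: no conflicts"
```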
Step 6. Selecting the cluster network interface
The cluster network interface is used for communication between cluster servers.
To select the cluster network interface:
- Select the row containing the network interface that is used for the internal network.
To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.
- Press Enter.
The Setup Wizard proceeds to the next step.
Step 7. Selecting the external network interface
The external network interface is used for SSH access to the server, managing the web interface of Kaspersky Anti Targeted Attack Platform, and other external connections.
To select the external network interface:
- Select the row containing the network interface that is used for the external network.
To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.
- Press Enter.
The Setup Wizard proceeds to the next step.
Step 8. Selecting the method of obtaining IP addresses for network interfaces
To select a method for obtaining an IP address for network interfaces:
- Select the row containing the Configuration type: and press Enter.
To select a row, you can use the ↑, ↓, PageUp, and PageDown keys. The selected row is highlighted in red.
- In the opened window, select one of the following options:
- dhcp.
- static.
- If you selected static:
- Select the row containing the parameter and press the Enter key.
- In the opened window, enter the required data and press Enter twice.
You need to specify a value for each parameter.
- Select the row containing Save.
- Press Enter.
The Setup Wizard proceeds to the next step.
Step 9. Authenticating the server in the cluster
To authenticate a server in the cluster, you need to enter the admin account password that was set when the first server in the cluster was deployed.
To authenticate a server in the cluster:
- In the password field, enter the password for the administrator account.
- Select Ok and press Enter.
To select a button, you can use the ↑, ↓, PageUp, and PageDown keys.
The server in the cluster will be authenticated. The Setup Wizard proceeds to the next step.
Step 10. Configuring receipt of mirrored traffic from SPAN ports
To turn on receipt of mirrored traffic from SPAN ports:
- In the window that opens, select Yes and press Enter.
- In the displayed list, select the network interfaces from which you want to capture network traffic.
- Select the line containing Apply and finish and press Enter.
The configuration may take some time. Then the installation is complete. For the application to work correctly, you need to configure the server in the web interface for sizing management.
To turn off receipt of mirrored traffic from SPAN ports:
- In the window that opens, select No and press Enter.
The configuration may take some time. Then the installation is complete. For the application to work correctly, you need to configure the server in the web interface for sizing management.
Purging hard drives on storage servers
If you have a cluster deployed on servers and want to add more hard drives to these servers or replace some of the existing drives and then reinstall the cluster, you must purge the drives previously allocated for the OSD (Object Storage Daemon) on the storage servers before installing components. Otherwise, the application is not guaranteed to work correctly.
To purge the disks allocated for OSD on a live storage server:
- Sign in to the management console of the server where you want to purge the disks over SSH or through the terminal.
- Stop the OSD starter service by running the following command:
sudo systemctl stop kata-osd-starter.service
- Stop the OSD containers by running the following command:
sudo docker ps --filter name=osd -q | xargs docker stop
- Get a list of OSD disks by running the following command:
sudo ceph-volume --cluster ceph lvm list | grep devices
- Purge these disks by running the following command:
sudo ceph-volume lvm zap --destroy /dev/<disk name>
You must run this command for each drive that you got at step 4. For example:
sudo ceph-volume lvm zap --destroy /dev/sda
The OSD daemon is removed from the disks.
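Because the zap command is destructive and must be repeated for every listed drive, it helps to build the command list from the "devices" lines and review it before running anything. The following is an added example, not part of the vendor documentation: the function names are assumptions, the sample listing is constructed, and the script only prints the page's commands without executing them.

```sh
#!/bin/sh
# Added example (not vendor code): turn "devices" lines into a purge plan for review.

# Constructed sample of `sudo ceph-volume --cluster ceph lvm list | grep devices`
# output; the disk names are made up. sdb is listed twice on purpose.
sample_listing() {
    cat <<'EOF'
      devices                   /dev/sdb
      devices                   /dev/sdc,/dev/sdd
      devices                   /dev/sdb
EOF
}

# Print each distinct disk named on a "devices" line, one per line.
osd_disks() {
    awk '$1 == "devices" {
        for (i = 2; i <= NF; i++) {
            n = split($i, d, ",")
            for (j = 1; j <= n; j++) if (d[j] != "") print d[j]
        }
    }' | sort -u
}

# Accept only plain /dev/<name> paths: no globs, "..", or shell metacharacters.
is_safe_dev() {
    case "$1" in
        /dev/?*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *..*|*[!A-Za-z0-9/_.-]*) return 1 ;;
    esac
    return 0
}

# Read "devices" lines on stdin and print the page's commands in order.
# Nothing is executed; if any entry looks wrong, print no plan and fail.
purge_plan() {
    disks=$(osd_disks)
    if [ -z "$disks" ]; then
        echo "no OSD disks found in input" >&2
        return 1
    fi
    while IFS= read -r d; do
        if ! is_safe_dev "$d"; then
            echo "refusing unexpected device entry: $d" >&2
            return 1
        fi
    done <<EOF
$disks
EOF
    echo "sudo systemctl stop kata-osd-starter.service"
    echo "sudo docker ps --filter name=osd -q | xargs docker stop"
    while IFS= read -r d; do
        echo "sudo ceph-volume lvm zap --destroy $d"
    done <<EOF
$disks
EOF
}

# Print the plan for the constructed sample.
sample_listing | purge_plan
```

On a live storage server, the input would be the output of the listing command from step 4 instead of the sample.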
If the server is not live, you must delete the information about volume groups from each disk allocated for the OSD.
To delete the information about volume groups from each disk allocated for the OSD on a non-live server:
- Start the server with the alternative operating system.
- Get group IDs for each disk allocated for the OSD by running the following command:
sudo pvs
This command outputs a table where PV are physical volumes, VG indicates logical group membership, Fmt indicates the volume format, and Size indicates the physical volume size.
- Remove the relevant volume groups by running the following command:
sudo vgremove <volume group ID>
Information about volume groups on disks allocated for OSD is deleted.