Modifying cluster configurations

Regarding an Advanced Threat Defense cluster, configurations can be classified into two types:

  • Settings that you configure only from the primary node. For the sake of explanation, these settings are referred to as synchronized configuration in this document.
  • Settings that you configure individually in each node of an Advanced Threat Defense cluster. These settings are referred to as unsynchronized configuration.

Synchronized configuration — The following are the settings that fall under this category:

  • Analyzer profiles
  • User management
  • McAfee ePO integration details
  • HTTP proxy settings
  • DNS settings
  • NTP server settings

Log on to the primary node with admin rights to configure the settings listed above. When you click Save in the corresponding pages, the primary node bundles the entire synchronized configuration in a file and sends it to all available secondary nodes. The secondary nodes save these settings in their database and use them later. This configuration file is assigned a version number, which is the Config Version listed in the Load Balancing Cluster Setting page.

The primary node sends the configuration file over a secure communication channel to the secondary nodes. You can check the State column in the Load Balancing Cluster Setting page to verify whether the configuration file was successfully applied on a secondary node. Alternatively, you can click Sync All Nodes in the Load Balancing Cluster Setting page for the primary node to send the configuration file to all available nodes. If a secondary node is down, it is indicated in the State column.

Note: When the primary node synchronizes configuration for the cluster, it sends the complete synchronized data to all available nodes in the cluster. That is, you cannot selectively synchronize secondary nodes. Neither can you select the configurations that you want sent to the secondary nodes. However, the configuration-synchronization process does not affect the load-balancing or file-analysis processes of an Advanced Threat Defense Appliance.

Unsynchronized configuration — The following are the settings that fall under this category:

  • Analyzer VMs
  • VM profiles
  • DAT and engine versions of McAfee Anti-Malware Engine.
  • DAT and engine versions of McAfee Gateway Anti-Malware Engine.
  • Whitelist and blacklist entries.
  • Custom YARA rules
  • Database backup and restore configurations.
  • Any configuration done using the CLI.

Log on to each node in the cluster to change these configurations. Make sure that these configurations are the same in all nodes of the cluster.
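
Because nothing in the cluster pushes the unsynchronized settings, a drift check helps confirm that every node matches. The following is an added example, not McAfee code and not an Advanced Threat Defense export format: it compares per-node inventories that an administrator recorded by hand, and the node names, setting keys and values are constructed assumptions.

```python
import hashlib
import json

def fingerprint(value):
    """SHA-256 of a setting value; list order is ignored (entry order is assumed irrelevant)."""
    if isinstance(value, list):
        value = sorted(json.dumps(v, sort_keys=True) for v in value)
    return hashlib.sha256(json.dumps(value, sort_keys=True).encode()).hexdigest()

def find_drift(inventories, reference):
    """Return {setting: {node: status}} for every node that disagrees with `reference`.

    status is "missing" (node lacks the setting), "extra" (reference lacks it)
    or "differs" (both have it, content is not identical).
    """
    if reference not in inventories:
        raise KeyError(f"reference node {reference!r} has no inventory")
    ref = inventories[reference]
    settings = sorted({name for inv in inventories.values() for name in inv})
    drift = {}
    for setting in settings:
        for node, inv in inventories.items():
            if node == reference:
                continue
            if setting not in inv:
                status = "missing"
            elif setting not in ref:
                status = "extra"
            elif fingerprint(inv[setting]) != fingerprint(ref[setting]):
                status = "differs"
            else:
                continue
            drift.setdefault(setting, {})[node] = status
    return drift

# Constructed sample: hypothetical node names, setting keys and values that an
# administrator recorded by hand from each node. Not an ATD export format.
_BASE = {
    "anti_malware_dat": "DAT-EXAMPLE-2",
    "yara_rules": ["rule demo_a { condition: false }", "rule demo_b { condition: false }"],
    "blacklist": ["<md5-placeholder-1>", "<md5-placeholder-2>"],
}
SAMPLE = {
    "node-1": _BASE,
    "node-2": dict(_BASE, yara_rules=list(reversed(_BASE["yara_rules"]))),  # same rules, other order
    "node-3": {"anti_malware_dat": "DAT-EXAMPLE-1", "yara_rules": _BASE["yara_rules"][:1]},
}

if __name__ == "__main__":
    for setting, nodes in find_drift(SAMPLE, "node-1").items():
        for node, status in nodes.items():
            print(f"{node}: {setting} {status}")
```

A node that is absent from the result agrees with the reference node on every recorded setting; the check covers only what was written into the inventory.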