High-level steps to configure clusters

Follow these high-level steps to configure an Advanced Threat Defense cluster.

  1. Identify the Advanced Threat Defense Appliances that you want to use to create the cluster. You can add additional secondary nodes to a working Advanced Threat Defense cluster.
  2. Make sure that the Advanced Threat Defense Appliances meet the requirements.
  3. Identify an unassigned IP address that is in the same L2 network as the primary node and the backup node. This IP address is assigned to the cluster as the "Cluster IP" address.
  4. Out of the Advanced Threat Defense Appliances, identify the one that you plan to use as the primary node. All other Advanced Threat Defense Appliances are secondary nodes. Once you define the cluster, you cannot change the primary node without redefining the cluster itself. Similarly, once a backup node is added, it cannot be changed unless it is removed from the cluster.

    Factor in the following when you decide on the primary node.

    • Use the primary node's IP address to submit files and to manage the configuration.
    • Products such as Network Security Platform, Web Gateway and Email Gateway must be integrated with the primary node's IP address. Because results and reports are retrieved through the primary node, a connection between the integrated products and the secondary nodes is not mandatory. With the 3.4.2 release, the Cluster IP is the point of contact for these integrated products if the user chooses to configure a backup node.
    • The synchronized configurations of the secondary nodes are overwritten with those of the primary node. After cluster creation, you use the primary node to manage these configurations.
  5. Make sure the secondary nodes and the primary node are able to communicate with each other using their management ports.
  6. As a best practice, back up the configuration of all nodes, especially the secondary nodes, before you configure the cluster.
  7. Make sure that the integrated products are configured to use the primary node. This includes the integrated McAfee products as well as any third-party application or script that uses the Advanced Threat Defense REST APIs. With the 3.4.2 release, the Cluster IP is the point of contact for these integrated products if the user chooses to configure a backup node.
  8. Create the Advanced Threat Defense cluster.
  9. Submit files and URLs to the Advanced Threat Defense cluster.
  10. View the analysis results for an Advanced Threat Defense cluster.
  11. Manage configurations for the cluster.
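
The addressing and role rules in steps 3 and 4 can be checked on paper before any appliance is touched. The following is an added example, not part of the product documentation: the function name, the node names and the addresses are hypothetical, and it assumes that the shared L2 network carries a single IP subnet whose prefix length you supply.

```python
import ipaddress

def preflight(cluster_ip, prefix_len, nodes):
    """Return a list of problems in a planned cluster layout (empty = OK).

    nodes: dicts with 'name', 'role' (primary/backup/secondary), 'mgmt_ip'.
    Assumption: the shared L2 network carries one IP subnet of prefix_len bits.
    """
    problems = []
    vip = ipaddress.ip_address(cluster_ip)
    seen = {}  # management IP -> first node that uses it
    for n in nodes:
        ip = ipaddress.ip_address(n["mgmt_ip"])
        if ip in seen:
            problems.append(f"{n['name']} and {seen[ip]} share management IP {ip}")
        seen.setdefault(ip, n["name"])
        # Step 3: the Cluster IP must be an unassigned address.
        if ip == vip:
            problems.append(f"Cluster IP {vip} is already assigned to {n['name']}")
        # Step 3: same network as the primary node and the backup node.
        if n["role"] in ("primary", "backup"):
            net = ipaddress.ip_interface(f"{ip}/{prefix_len}").network
            if vip not in net:
                problems.append(
                    f"Cluster IP {vip} is outside {net} ({n['role']} node {n['name']})")
    # Step 4: exactly one appliance is the primary node.
    primaries = [n["name"] for n in nodes if n["role"] == "primary"]
    if len(primaries) != 1:
        problems.append(f"expected exactly one primary node, found {len(primaries)}")
    return problems

# Constructed sample plan using documentation address ranges (RFC 5737).
PLAN = [
    {"name": "atd-1", "role": "primary", "mgmt_ip": "192.0.2.11"},
    {"name": "atd-2", "role": "backup", "mgmt_ip": "192.0.2.12"},
    {"name": "atd-3", "role": "secondary", "mgmt_ip": "192.0.2.13"},
]

if __name__ == "__main__":
    for candidate in ("192.0.2.10", "192.0.2.12", "198.51.100.10"):
        print(candidate, preflight(candidate, 24, PLAN) or "OK")
```

The check covers the plan only; it does not confirm that the candidate address is actually unused on the wire or that the nodes can reach each other on their management ports (step 5).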