Cluster VM auto synchronization

The primary node pushes all VM settings to the secondary nodes, which enables automatic synchronization within VM clusters.

Note:
  • From the Advanced Threat Defense user interface, you can only validate, activate, and delete non-active node VMs.
  • Make sure the nodes to be added to the cluster are not in a "BAD" state or a "VM creation failed" condition.
  • If a VM synchronization failure occurs (which might be due to a failure in copying the VM image, a VM creation failure, or any other cause), synchronization is not reattempted automatically.

    When VM synchronization fails on a secondary or backup node, the node's status on the primary node shows VM Sync Failed. In this case, go to each individual node and check the system log for further steps. Take corrective measures for the failure, then click the Sync All VMs button. If VM synchronization starts automatically, no further action is required.

  • Samples are not distributed to a node that has either of the following status messages: VM Sync In Progress, VM Sync Failed.
  • If the secondary node's system.log reports "VMSync cannot be initiated as VM Creation has failed on this node", run the CLI command reboot vmcreator.
  • VM synchronization does not take place if the primary node and the secondary node have an image with the same name.
  • In a hybrid clustering environment, the Microsoft Office and analyzer VM operating system licenses are not retained because of hardware changes.

Adding nodes in a hybrid cluster scenario

Scenario: Add an ATD-3000 or ATD-3100 primary node to an ATD-6000 or ATD-6100 cluster with more than 30 VMs
Outcome: Advanced Threat Defense notifies you to decrease the licenses in the ATD-6000 or ATD-6100 primary node before you can add the secondary node.

Scenario: Add an ATD-6000 or ATD-6100 node with more than 30 VMs to a cluster with an ATD-3000 or ATD-3100 primary node
Outcome: Advanced Threat Defense successfully adds the node to the cluster, and secondary node VMs are deleted.

Primary node upgrade in a hybrid cluster scenario

Scenario: Upgrade ATD-6000 or ATD-6100 primary node with more than 30 VMs and one ATD-3000 or ATD-3100 secondary node
Outcome: Advanced Threat Defense notifies you to decrease the VM licenses in ATD-6000 or ATD-6100 to 30 or less. If you do not decrease the number of licenses, synchronization causes the VM creation process to fail in ATD-3000 or ATD-3100 nodes.

Scenario: Upgrade ATD-3000 or ATD-3100 primary node and ATD-6000 or ATD-6100 secondary node with more than 30 VMs
Outcome: Advanced Threat Defense successfully completes the upgrade. When the synchronization process completes, you must delete the additional secondary ATD-6000 or ATD-6100 nodes.

Configuration: Synchronized

Definition: Advanced Threat Defense automatically synchronizes these settings between all nodes:

  • VM profiles

    When you add nodes to clusters, or change the primary node VM profile, Advanced Threat Defense pushes the primary node VM configurations to the secondary nodes.

  • Maximum threshold wait time
  • LDAP user credentials
  • Proxy settings
  • SNMP settings
  • Syslog settings
  • Blacklist entries
  • Whitelist entries
  • Telemetry
  • User management
  • McAfee ePO integration
  • McAfee® Data Exchange Layer (DXL) integration
  • DNS settings
  • Backup database
  • System time
  • Global settings

On the secondary and backup nodes, Advanced Threat Defense disables the web interface settings.

Configuration: Unsynchronized

Definition: If you want to change the following settings, you must change them on each individual node:

  • Advanced Threat Defense software version
  • McAfee Anti-Malware Engine DAT and engine versions
  • McAfee Gateway Anti-Malware Engine DAT and engine versions
  • Time zone
  • NTP server time zone
  • Custom YARA rules
  • CLI configuration changes