Installing Advanced Threat Defense in a cluster environment

To make sure that Advanced Threat Defense is always available, you can install it in a cluster environment.

When you set up a cluster environment with two or more Advanced Threat Defense Appliances, you can configure them to share data.

Each Advanced Threat Defense cluster contains these nodes:

  • Primary — Virtually associated to the cluster IP address for configuration and file submission. Integrated products and users access the primary node to submit files for analysis and retrieve analysis results and reports. The Primary node is also the template and control center for the cluster. It is responsible for load-balancing the files among all nodes and providing high availability.
  • Backup — Receives and analyzes samples. If the primary node fails, the backup node assumes the primary node responsibilities and cluster IP address. When the backup node is present in the cluster, the integrated products are configured with the cluster IP address.
  • Secondary — Receives and analyzes samples.

Certificates in a cluster environment

In an Advanced Threat Defense cluster environment, the certificate of the active node is synchronized to all backup and secondary nodes. Choose one of the following methods for a reliable infrastructure.

  • Use a wildcard certificate and install it on all nodes.
    Note: Ensure that the certificate and the CA are trusted by the browser.
  • Use a certificate with a valid CN where the SAN field contains the IP addresses or FQDNs of all nodes in the cluster. Install the certificate on all nodes.

    This method has a drawback. If you add the host name or FQDN in the SAN field (instead of an IP address), the browser performs a certificate chain validation. If the validation fails, XMODE or the Activation of VM ceases to work.

    Workaround: Bypass the browser's certificate validation. To bypass certificate validation:

    Browser    Workaround
    Chrome     Start Chrome using --ignore-certificate-errors flag
    Firefox    Add Site Exceptions for each node.
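
A pre-deployment check for the two certificate methods above, added here as an example that is not part of the product documentation: it reads the Subject Alternative Name line as printed by `openssl x509 -noout -text` and reports which cluster endpoints the certificate does not cover. The node names, addresses and function names are constructed for illustration.

```python
# Added example; function names are illustrative, not from any product API.
import ipaddress

def parse_san(san_line):
    """Parse the SAN line printed by `openssl x509 -noout -text`."""
    dns, ips = [], []
    for item in san_line.split(","):
        kind, _, value = item.strip().partition(":")
        if kind == "DNS":
            dns.append(value.strip().lower().rstrip("."))
        elif kind == "IP Address":
            ips.append(ipaddress.ip_address(value.strip()))
    return dns, ips

def dns_matches(pattern, host):
    """Exact match, or a '*' that stands for exactly one left-most label."""
    if pattern == host:
        return True
    if not pattern.startswith("*."):
        return False
    label, _, parent = host.partition(".")
    return bool(label) and parent == pattern[2:]

def uncovered(san_line, endpoints):
    """Return the endpoints (IP addresses or FQDNs) that no SAN entry covers."""
    dns, ips = parse_san(san_line)
    missing = []
    for endpoint in endpoints:
        try:
            # An IP endpoint needs an IP SAN entry; a wildcard never matches it.
            ok = ipaddress.ip_address(endpoint) in ips
        except ValueError:
            host = endpoint.lower().rstrip(".")
            ok = any(dns_matches(p, host) for p in dns)
        if not ok:
            missing.append(endpoint)
    return missing

# Constructed sample data (documentation address range and .test names).
CLUSTER = ["192.0.2.10", "atd-primary.lab.test", "atd-backup.lab.test", "192.0.2.13"]
WILDCARD_SAN = "DNS:*.lab.test"
MULTI_SAN = ("DNS:atd-primary.lab.test, DNS:atd-backup.lab.test, "
             "IP Address:192.0.2.10, IP Address:192.0.2.13")

if __name__ == "__main__":
    for name, san in (("wildcard", WILDCARD_SAN), ("multi-SAN", MULTI_SAN)):
        print(name, "uncovered:", uncovered(san, CLUSTER) or "none")
```

A wildcard entry covers only host names one label below its domain and never an IP address, so a cluster that is reached by IP address needs IP entries in the SAN field.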