Clustering Advanced Threat Defense Appliances

When you have a very heavy load of files to be analyzed for malicious content, you can cluster two or more Advanced Threat Defense Appliances. The analysis load is then balanced efficiently between the Advanced Threat Defense Appliances (nodes) in the cluster.

Consider multiple inline Sensors submitting hundreds of files per second to one Advanced Threat Defense Appliance. In blocking mode, a Sensor waits up to 6 seconds for Advanced Threat Defense to analyze a file. After this time period, the Sensor forwards the file to the target endpoint. Clustering Advanced Threat Defense Appliances for load balancing can give a faster response from Advanced Threat Defense.

Installing Advanced Threat Defense in a cluster environment
To make sure that Advanced Threat Defense is always available, you can install Advanced Threat Defense in a cluster environment.

Cluster VM auto synchronization
The primary node pushes all VM settings to the secondary nodes, which enables auto synchronization within VM clusters.

Prerequisites and considerations

Advanced Threat Defense cluster network connections
The eth-0 interface of the primary node acts as the management interface of the cluster, whereas the eth-0 interfaces of the secondary and backup nodes are used to exchange information with the primary.

Using Advanced Threat Defense clusters
When you configure clusters, you use the primary node to manage the configuration for the cluster, and Advanced Threat Defense uses the secondary nodes as backup.

High-level steps to configure clusters
Follow these high-level steps to configure an Advanced Threat Defense cluster.

Modifying cluster configurations
For an Advanced Threat Defense cluster, configurations can be classified into two types: