Deploy clusters and distributed architectures
This section describes how to deploy clusters and / or distributed architectures.
Note: Each installation package includes software for the full AlgoSec Security Management Suite. Functionality for each ASMS product is enabled via license, and not by installation.
Deploy clusters and distributed architecture nodes
Clusters and distributed architectures must be deployed on virtual appliances or AlgoSec hardware appliances, or as AWS or Azure instances. If you are deploying clusters, each node must be identical: either both hardware appliances, or both virtual appliances.
Both nodes must run the same version of ASMS, and must have the same amount of disk space.
Do the following:
-
AlgoSec hardware appliances Starting by preparing your machine.
For details, see Prepare an AlgoSec Hardware Appliance.
AlgoSec VMware virtual appliances Download a VMware OVF machine.
For details, see Download ASMS software packages.
Note: If you are reusing an appliance in a new role, reinstall a fresh version of ASMS. See Install ASMS on a repurposed AlgoSec hardware appliance and Switch appliance roles.
-
Perform initial configurations, including configuring your machine's IP address, setting time and date, configuring DNS, etc. For details, see Configure ASMS machines.
-
Connect your machine to your organization's network. To connect an AlgoSec Hardware Appliance to the network, ensure that you use the ETH0 on the appliance's rear panel.
-
If you configured a dynamic IP address using DHCP, verify the IP address assigned. For details, see Basic configurations.
- Configure DNS server on all HA/DR, Load Distribution and Remote Agent nodes. For details, see Configure DNS Server.
-
For NAS storage, do one of the following:
HA clusters Configure NAS storage for the primary node of the cluster.
The cluster building process automatically configures NAS on the secondary HA node.
DR clusters If you want NAS on both nodes, you must configure NAS on both nodes. In order to achieve this, you must provide a second NAS server at the disaster recovery site. Load distributions Configure NAS for the Central Manager only. NAS will automatically be configured for the Load Units.
Note: NAS support for load distribution environments is only supported with NFSV4.
Important: The user/customer is responsible for configuring the NAS server at the primary site and the NAS server at the disaster recovery site to sync with one another.
For more details, see ASMS support for NAS.
-
(Optional) Scripts can be added to be run during the switch roles process of the cluster. For more information contact AlgoSec Support.
- If you are deploying clusters, build and configure the clusters. For details, see Manage clusters.
- Test your installation. For details, see Test machine installation and configuration.
- Set up your environment on your primary node or Central Manager / Master Appliance. For details, see Set up the ASMS environment.
-
If you are deploying an HA/DR cluster on the primary appliance or Central Manager / Master Appliance, install a license on the secondary node using the Administration Interface CLI. For an HA/DR cluster on a Remote Agent, install a license on both the Remote Agent and its secondary node. See Build a cluster. For details, see Connect to and Utilize the Administration Interface.
Note: Remote Agents without an HA/DR cluster and Load Units do not need their own licenses installed.
- If you are deploying a distributed architecture, configure the distribution. For details, see Configure a distributed architecture.
-
Perform sanity checks. For details, see System sanity checks.
- Continue to deploy ASMS products, including populating your environment with devices and users. For more details, see ASMS deployment checklist.
â See also: