Organizing Clusters

Dr.Web CMS Web Console allows creating hosts cluster trees with any nesting level. In a cluster any changes of a variable with attribute Shared initiate the same change of variables on all sub-hosts.

To create a cluster

On the sub-host (that is being added to cluster), do the following:

1.Create the group /CMS_1.0/Security/Users/host. This group specifies the user account used by the main host to transfer the variables with the Shared attribute to a local server.

2.In the host group, a variable Password of the Password type will be created automatically to connect to the created account. The default password is drweb. For security reasons, it is strongly recommended to change it.

On the main host, do the following:

1.Create a group of any name at /CMS_1.0/Shared/. This group will be the sub-host.

2.In the host group, a variable Address of the String type is created automatically. By default, it has an empty value. This variable should contain the IP address of the sub-host MS connection in the following format: <IP address>:<Port>, e.g., 192.168.1.1:2056.

3.In the host group, a variable Password of the Password type is created automatically to connect to the host account on the sub-host. The default password is drweb. For security reasons, it is strongly recommended to change it. If the password is the same for all the hosts, you can create the Password variable in the Shared group. It will be used by default for all connections.

4.The variables configuring the connection to the sub-host cannot have the Shared attribute, therefore, the settings cannot be transferred to the sub-hosts. On the attempt to change the attributes of the connections settings, an access denied message will be received.

In the Shared folder, the variable Enabled of the Boolean type is created automatically. This variable enables/disables the cluster functions. If this variable has the True value, all the described connections are active, in case of the False value — all connections are interrupted. By default, the variable is created with the value True.

When a host group is created in the Shared folder, a variable Enabled of the Boolean type is created there automatically with the default value False. This variable enables/disables a specific connection.

If the address (the Address variable value) is changed, the active connection is switched to a new address. Changing the password does not lead to the connection switching. To switch the connection with a new password, you need to disable and re-enable the connection using the Enabled variable.

In case the connection is created correctly, CMS will automatically establish connection to the sub-host and will propagate it to all variables with Shared attribute. If the remote host already has a variable with such name, but without Shared attribute, this variable will be ignored with the MB_RC_SKIPPED code returned.

You can create a list of the sub-hosts on any level.

Внимание!

If Windows Firewall is enabled, for cluster to work properly, it is necessary to allow TCP-communication between the main host and the sub-hosts. To do this, you need to create the following Windows Firewall rules:

Inbound rule for TCP-communication between drwcms.exe control service of the main host and the sub-host through any port.

Outbound rule for TCP-communication between drwcms.exe control service of the main host with the sub-host through 2056 port.

Inbound rule for TCP-communication between the sub-host and the drwcms.exe control service of the main host through 2056 port.

Outbound rule for TCP-communication between the sub-host with the drwcms.exe control service of the main host through any port.

Managing Scanning and Filtering Settings for AD Groups

The variables with Shared attribute of the profiles and groups created as the lists of email addresses, as well as such groups and profiles are easily distributed between cmsdb databases of the main host and sub-host as they do not depend on Active Directory. If the main host and the sub-host are connected to one Active Directory GC (Global Catalog) server, the settings of the AD group created via Dr.Web Administrator Web Console on the main host, are transferred to the sub-host. But if the mail servers forming a cluster do not have common Global Catalog, to create the AD groups with shared settings managing, perform the following actions:

1.On the sub-host, create a new Distribution group using the Active Directory management console.

2.Use Dr.Web Administrator Web Console to add the created group to the list of the application groups.

3.In Dr.Web CMS Web Console, find this group in the DrWebScanSrv_1.0 -> Application Settings ->Groups -> <group name> section. Change the attribute from Shared to Default for the ItemList variable (it specifies GUID of the created AD group).

4.Use the Active Directory management console on the main host to create a new Distribution group with the same name as on the sub-host.

5.Add the created group to the list of the application groups using Dr.Web Administrator Web Console on the main host. Enter the same name for the group.

6.The groups are now associated with each other (despite the fact that they have different GUID and are composed from different users), so that assigning profiles, as well as configuring scanning and filtering for them can be performed using Dr.Web Administrator Web Console on the main host, being transferred to both servers.