Distribution Center: Master-Slave configuration


The following steps apply only for offline Master –Slave Distribution Center installation.

Installation steps:


- Master Distribution Center installation (Internet side) + configuration tweak to set it as master

- Endpoint installation on Internet size + configuration tweak to lock Policy update

- Endpoint Antivirus installation and update on Internet side

- Slave Distribution Center installation (private network side) + configuration tweak to set it as slave

- Manually ‘deploy’ folder replicate from master to slave

- Endpoint installation on private network


note.jpg

Important

Do not setup ‘endpoint_startup’ username for your Policy; it could let your Endpoints running in the ‘limbo’.

Do not disable automatically updates on your Policy, you will need Endpoint to automatically update Antivirus signatures.


Master Distribution Center installation:

Install Internet side Distribution Center.

Edit dcenter.local.conf file and add the following line:

master_dc:1

Restart Distribution Center and look at System log to be sure it is running as master:

 

 


 

Endpoint installation on Internet side:

Edit on Dashboard the Policy you’re going to use and set both Distribution Center addresses, public and private:




 

· Running Endpoints will find the right address for each side and set it as default

Enable Download and install Antivirus Module




 

Download this policy package installer and check isf.cfg file contents:

[ isf.cfg ]

use_dcenter:1

dcenter_address:172.20.0.104:8010

dcenter_address:192.168.56.1:8010

Install internet side endpoint using the downloaded package installer.

You need to tweak isf.local file for this Endpoint.

Edit isf.local and add a ‘lock_policy_user’ line to force this Endpoint to use the required Policy all the time.

Replace the username (jorge in this sample) by required username for for the Policy you’re going to use.




 

· This tweak is needed to force endpoint to update the policy, av signatures, etc. even when no user is logged on the PC

Restart Endpoint and check it is locked for this user




 

Install and update Antivirus

Be sure Antivirus is full updated this first time; because of progressive Antivirus update and signature dates, you might need to click ‘Check for Updates’ a couple of times.

The whole update could take a while.




 

Slave Distribution Center installation:


Install private side Distribution Center.

Edit dcenter.local.conf file and add the following line:

slave_dc:1

Restart Distribution Center and look at System log to be sure it is running as slave:




 

Manually ‘deploy’ folder replication:


You will need to copy the full contents of ‘deploy’ folder from master DC to slave DC.

To ensure no files are opened at copying time, I strongly recommend to stop Distribution Center Service, then, copy files to the destination drive and restart Distribution Center.

I also recommend to use a sync tool for files copy (it makes a diff copy instead of a full dump) like rsync.


A small script like the next one could be used for copy process:

[ master_copy.bat ]

sc stop dcenter

rsync c:\Program Files(x86)\Distribution Center\deploy x:\

sc start dcenter

[ slave_copy.bat ]

sc stop dcenter

rsync x:\ c:\Program Files(x86)\Distribution Center\deploy

sc start dcenter


· Replace folder paths with the correct ones


Endpoint installation on private network side:

Important: it is really important that your Policy does not have ‘endpoint_startup’ username set. Check on Dashboard users to be sure ‘endpoint_startup’ is not defined.

Install Endpoint using the same package installer used for Internet side (you don’t need to lock the Policy username for these Endpoints).

Endpoint will automatically find and use the slave Distribution Center (192.168.56.1 in this test):




 

After a while, Endpoint will install Antivirus getting everything needed from slave DC.

I your Policy does not disable automatically update, updater will automatically start and update Antivirus signatures.


If you manually update Antivirus signatures, you will see the installation process running really fast (less than 15 seconds for the required 200Mbytes in my own test).




 

Endpoint running on Internet side will keep master Distribution Center up to date ( Antivirus signatures are automatically updated every 6 hours ).


Recommend to copy ‘deploy’ folder from master to slave only once at a day (or every 12 hours if needed).