Run Deep Security Manager on multiple nodes

Instead of running Deep Security Manager on one server, you can install Deep Security Manager on multiple servers ("nodes") and connect them to one shared database. This provides better:

  • Reliability
  • Availability
  • Scalability
  • Performance

You can log in to any node. Each node can do all types of tasks. No node is more important than any of the others. A node failure does not cause service downtime, and does not result in data loss. Deep Security Manager processes many concurrent activities in a distributed pool that all online nodes execute. All activity that does not happen due to user input is packaged as a job, and runs on any available manager (with some exceptions for "local" jobs that are executed on each node, like cache clearing).

Each node must run the same Deep Security Manager software version. When you upgrade, the first manager you upgrade will temporarily take over all duties and shut down the other nodes. On Administration > System Information, in the Network Map with Activity Graph of the System Activity area, other nodes' status will be "Offline" with an indication that an upgrade is required. Once upgraded, nodes will automatically return online and begin processing again.

Add a node

After you have installed Deep Security Manager on one server node, run the installer again on another server. When prompted, connect it to the same database as the first node.

Never run more than one instance of the installer at the same time. Doing so can lead to unpredictable results including corruption of the database.
Set the system clock of each manager node to use the same time zone. The database must also use the same time zone. If the time zone is different, this causes Manager Time Out of Sync errors.

Remove a node

Before you remove or replace a server, you should remove it from the pool of Deep Security Manager nodes.

  1. Halt the service or uninstall Deep Security Manager on the node that you want to remove.

    Its status must change to "Offline".

  2. Log into Deep Security Manager on another node.
  3. Go to Administration > Manager Nodes.

  4. Double-click the node that you want to remove.

    The node's Properties window should appear.

  5. In the Options area, click Decommission.

Viewing node statuses

To display all Deep Security Manager nodes along with their status, combined activity, and jobs being processed, go to Administration > System Information. From the drop-down menu, select which graph you want to view.

Network Map with Activity Graph

The Network Map with Activity Graph in the System Activity area displays a map of all installed manager nodes and their current status as well their relative activity over the last hour. The nodes can be in the following states:

  • Online
  • Offline
  • Offline (Upgrade Required)
All Deep Security Manager nodes periodically check the health of all other nodes. If any manager node loses network connectivity for more than 3 minutes, it is considered offline. The remaining nodes assume its tasks.

Jobs by Node

This chart displays the number of jobs carried out over the last hour by each node.

Jobs by Type

This chart displays the jobs carried out over the last hour by type.

Total jobs by node and type

This chart displays the number of job types for each node over the last hour.