Run Deep Security Manager as multiple nodes

Does not apply to Deep Security as a Service

Deep Security Manager can be run as multiple nodes operating in parallel using a single database. Running the Manager as multiple nodes provides increased reliability, redundant availability, virtually unlimited scalability, and better performance.

Each node is capable of all tasks and no node is more important than any of the others. Users can sign in to any node to carry out their tasks. The failure of any node cannot lead to any tasks not being carried out. The failure of any node cannot lead to the loss of any data.

Each node must be running the same version of the Manager software. When performing an upgrade of the Manager software, the first Manager to be upgraded will take over all Deep Security Manager duties and shut down all the other Deep Security Manager nodes. They will appear as "offline" in the Network Map with Activity Graph in the System Activity panel of the System Information page with an indication that an upgrade is required. As the upgrades are carried out on the other nodes, they will automatically be brought back online and begin sharing in the Manager tasks.

Viewing nodes

The Network Map with Activity Graph in the System Activity panel on the System Information page displays all Deep Security Manager nodes along with their status, combined activity and jobs being processed.

The Deep Security Manager processes many concurrent activities in a distributed pool that is executed by all online Manager nodes. All activity not derived from User input is packaged as a job and thus "runnable" on any Manager (with some exceptions for "local" jobs that are executed on each node, like cache clearing).

Network map with activity graph

The Network Map with Activity Graph displays a map of all installed Manager nodes and their current status as well their relative activity over the last hour. The nodes can be in the following states:

  • Online
  • Offline
  • Offline (Upgrade Required)
All Deep Security Manager nodes periodically check the health of all other Deep Security Manager nodes. If there is a loss of connectivity with any Deep Security Manager node that lasts longer than three minutes, the node is considered offline and its tasks are redistributed among the remaining nodes.

Jobs by node

This chart breaks down the number of jobs carried out over the last hour by each node.

Jobs by type

This chart breaks down the jobs carried out over the last hour by type.

Total jobs by node and type

This chart displays the number of job types for each node over the last hour.

Adding nodes

To add a Deep Security Manager node to the system, run the Manager install package on a new computer. When prompted, type the location of and login credentials for the database being used. Once the installer connects to the database, you can proceed with adding the node to the system.

You must be using either MS SQL Server or Oracle Database to run multiple nodes.At no point should more than one instance of the installer be running at the same time. Doing so can lead to unpredictable results including corruption of the database.

Decommissioning nodes

A node must be offline (uninstalled or service halted) to be decommissioned.
  1. In the Deep Security Manager, go to Administration > Manager Nodes.
  2. Double click on the Manager node you want to decommission to display its Properties window.
  3. Click the Decommission button in the Options area.