MEG provides very easy-to-setup appliance clustering feature which provides high availability and load balancing among the cluster member appliances. Once you enable appliance clustering (System, System Administration, Cluster Management, Cluster Mode), the clustering subsystem automatically synchronizes configuration and policy settings among the cluster member appliances. It also synchronizes anti-virus DAT and URL filtering database so that you can save network load.
Appliance cluster gives a lot of benefits, but there are something that you need to be careful. Today I introduce two very important points.
1. Do not enable configuration push feature among cluster member appliances.
The configuration push feature (System, System Administration, Configuration Push) uses API over HTTPS to push the configuration from one Appliance to the other listed devices.
On the other hand, the clustering subsystem automatically synchronizes settings among cluster members over TFTP.
If you enable configuration push between the cluster member appliances, configuration changes from two different channels can collide resulting in race condition or damaged back end configuration and your Appliance will become unstable.
If you happened to enable configuration push among the cluster member appliances, please refer to KB82172 and take remediation actions.
2. Use MQM.
You can choose to use on-box quarantine or off-box McAfee Quarantine Manager (MQM) service for quarantining emails. On the appliance cluster, use MQM.
MQM can handle very large amount of quarantined items as compared to the MEG on-box quarantine. MQM uses MySQL or Microsoft SQL Server database for quarantine. It's scalable and efficient. MQM also provides granular configuration on the quarantine queues.
MEG has feature to save quarantined emails, but does not have restoring option. To illustrate, imagine your appliance cluster consists of cluster master appliance and cluster failover appliance, and scanning is enabled on both of them. If you are using on-box quarantine in this setup, and your master appliance has hardware failure, you will lose quarantined emails. On the other hand, you can configure database backup tasks on MQM database, and restore it when disaster recovery.
For the details of McAfee Quarantine Manager, see its product guide. The latest MQM version is 7.0.1 at the time of this blog post. We strongly recommend to install MQM 7.0.1 Rollup 1 (PD25180) on top of MQM 7.0.1.