Clustering Overview


This document explains clustering and the different types of nodes.

Purpose of the cluster

The ATD clustering solution analyzes more samples in a given time because more VMs are available in the cluster to perform sandboxing of files.
In order for ATD clustering to work correctly, the following criteria must be met:

  • All the nodes in LB clustering need to be on the same network switch and connected through the management port only.
  • If a backup node is configured, clustering needs an extra floating IP, which is used as the cluster IP for submitting samples.

Cluster IP

‘Cluster IP’ is an important Load Balancing concept that you need to understand in order to configure Clustering.
A Cluster IP is the visible IP to which submitters send samples.
If there is no Backup Node configured in the network, only the Primary management IP can serve the Cluster IP role. But if there is a Backup Node configured in the network, a Cluster IP has to be configured for the Cluster.

The Cluster IP must be in the same subnet as the management network of the Cluster. When a Backup Node is present, a reserved IP (different from the Primary’s or Backup Primary’s Mgmt IP) is needed, which can be assigned to the Cluster.

The Cluster IP floats between the Primary and Backup Primary Nodes depending on which of them is serving the Active Primary role.
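
The Cluster IP rules above can be checked before the cluster is configured. The following is an added example, not McAfee code or part of the original document; the function name, parameters and sample addresses are assumptions, and the check against Secondary addresses is an assumption drawn from the word "reserved".

```python
import ipaddress

def check_cluster_plan(mgmt_subnet, primary, backup=None, cluster_ip=None,
                       secondaries=()):
    """Return (ip_submitters_should_use, problems) for an ATD address plan."""
    net = ipaddress.ip_network(mgmt_subnet)
    prim = ipaddress.ip_address(primary)
    problems = []

    if backup is None:
        # No Backup Node: the Primary management IP serves the Cluster IP role.
        if cluster_ip is not None and ipaddress.ip_address(cluster_ip) != prim:
            problems.append("no Backup Node: Cluster IP must be the Primary "
                            "management IP")
        return str(prim), problems

    # A Backup Node is configured: a separate Cluster IP is mandatory.
    if cluster_ip is None:
        problems.append("Backup Node configured but no Cluster IP reserved")
        return None, problems

    cip = ipaddress.ip_address(cluster_ip)
    if cip not in net:
        problems.append(f"Cluster IP {cip} is outside management subnet {net}")

    # The Cluster IP must differ from the Primary's and Backup's Mgmt IPs.
    # Secondaries are checked too (assumption: "reserved" means unused).
    used = {"Primary": prim, "Backup": ipaddress.ip_address(backup)}
    for i, addr in enumerate(secondaries, start=1):
        used[f"Secondary {i}"] = ipaddress.ip_address(addr)
    for name, addr in used.items():
        if addr == cip:
            problems.append(f"Cluster IP {cip} is already the {name} "
                            "management IP")
    return str(cip), problems

if __name__ == "__main__":
    # Constructed sample plans (addresses are illustrative only).
    plans = [
        dict(mgmt_subnet="10.0.0.0/24", primary="10.0.0.10"),
        dict(mgmt_subnet="10.0.0.0/24", primary="10.0.0.10",
             backup="10.0.0.11", cluster_ip="10.0.0.50",
             secondaries=["10.0.0.12"]),
        dict(mgmt_subnet="10.0.0.0/24", primary="10.0.0.10",
             backup="10.0.0.11", cluster_ip="10.0.0.10"),
    ]
    for plan in plans:
        print(check_cluster_plan(**plan))
```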


Types/Roles of ATD nodes in Cluster


An ATD can be one of the following three TYPES of nodes in clustering:

  • Primary Node
  • Backup Node
  • Secondary Node

Apart from these, there are two more ROLES in a Cluster, which float between the Primary and Backup Primary Nodes:

  • Active Primary Role
  • Standby Primary Role

The GUI is used to configure the three node TYPES. The two ROLES are internal to ATD and keep track of where the floating Cluster IP is assigned and which of the ‘Primary Node’ and ‘Backup Node’ will serve the submission requests.

Primary Node

A Cluster will have one Primary configured in the network. This is compulsory, and it is the first node that needs to be configured in the Cluster. The main responsibility of this node is to:

  • Accept sample files from submitters and distribute them to cluster nodes.
  • Accept and acknowledge the REST requests submitted by submitters.
  • Accept and acknowledge the heartbeats from Secondary and Backup cluster nodes.
  • Manage and update the state of the different nodes in the cluster.
  • Analyze the samples that were chosen to be submitted to that node.

The responsibilities defined above assume that this node also holds the ‘Active Primary Role’. If for any reason this node goes down, the Backup Primary Node takes the Active Primary Role and with it all the responsibilities defined above. When this node recovers, it takes the Standby Primary Role.
Note: A Primary node also serves sample files as well as distributing samples in the cluster.

Backup Primary Node

A Backup Primary node is a failover for the Primary in the Cluster network. The purpose of this node is High Availability: in scenarios where the Primary goes down, it takes over all of the Primary role’s responsibilities and keeps ATD available for the submitter. The main responsibility of this node is to:

  • Keep monitoring the Active Primary’s health/status in the network.
  • If the Active Primary node is down, take over the Active Primary role. In the GUI you see Backup(Active).
    (The other node (Primary Node) will take the ‘Standby Role’ once it recovers.)
  • Accept and acknowledge the heartbeats from Active Primary and Secondary cluster nodes.
  • Serve all the responsibilities of secondary nodes as well.

Secondary Node

A Secondary node in a Cluster is the node which accepts the file from the Primary, generates the Job Id and task Id for the submission/sample, and returns them to the Primary. The respective Ids are then shared with the submitter for tracking. The main responsibility of this node is to:

  • Accept sample files from the Primary and analyze them.
  • Send the heartbeats to the Primary and Backup Primary nodes on the Cluster IP.

Note: A secondary node can also receive files directly on its management IP, submitted via the UI or any Point Product. A cluster can be created even without any secondary node configured, but in that case the samples will just be submitted to the Primary nodes (including Backup, if configured).

Version history
Revision #: 2 of 2
Last update: 12-20-2018 05:16 AM
