Install Server Sensor in Cluster Environment

Installing RealSecure Server Sensor on a Microsoft Cluster is generally the same as installing RealSecure Server Sensor on any other Windows 2000 platform. There are however a number of additional points to note. - RealSecure Server Sensor is not a cluster resource but is installed locally on each cluster node. In this way RealSecure Server Sensor protects each of the component nodes of a cluster rather than just the active node. If possible perform each installation while the node is NOT active, particularly where IIS is installed. If it is necessary to install RealSecure Server Sensor on the active node you should elect to stop and restart IIS manually following the install process. - From the RealSecure Console, a cluster will appear as a number of discrete systems, and events will originate from those discrete systems rather than the cluster-name or cluster-ip-address. - By default RealSecure Server Sensor enforces Audit Policy on its host systems. If however this default is accepted, each node of the cluster will compete with the other nodes in an attempt to be the last one to re-set the Audit Policy to the preferred values. It is therefore necessary to unset Enforce Audit Policy on all but one cluster node. - The recommended way to u nset the Enforce Audit Policy setting is to do it on each cluster node as installation, and introduction to the Console, proceeds. Do NOT install RealSecure ServerSensor on all the cluster nodes and then try un-setting Enforce Audit Policy as, by this time, the competition will be well under way. - Enforce Audit Policy is set/unset from the Console: Server Sensor Properties : server_sensor_1@node > Server Sensor > Enforce Audit Policy. - If a User Defined Text Log Event is defined to watch a file on a shared resource the following behavior will be observed. - When the shared resource is visible on node A, these events will only be seen originating from Server Sensor on node A. - Following each Cluster Switch, the Server Sensor on the new active node will scan the whole file and may report events that have already been reported. Upgrading via XPU and UNinstalling - Perform any upgrades and de-installations of RealSecure Server Sensor while the node is NOT active, particularly where IIS is installed. Support - Microsoft Knowledge Base Article Q248025 describes how to "Configure Clustered IIS Virtual Servers on Windows 2000 Advanced Servers". It also states "Although it is technically possible to set up IIS by using Clustering service, Microsoft d oes not recommend that you install IIS on Microsoft Cluster server. The recommended method to provide high-availability with IIS is to use Network Load Balancing". In view of Microsoft's position, ISS does not support the use of the ISAPI (IIS) filter component of RealSecure Server Sensor on Microsoft Cluster server. If however, IIS is already installed when RealSecure Server Sensor is installed, the ISAPI Component will also be installed. When running RealSecure Server Sensor on Microsoft Cluster there are a number of additional points to note. * A 2 Node MSCS Cluster running Windows 2000 Advanced Server, as described in http://www.microsoft.com/WINDOWS2000/techinfo/planning/server/clustersteps.asp * How to Configure Clustered IIS Virtual Servers on Windows 2000 Advanced Servers (Q248025) * Using IISSYNC to Synchronize Clustered Web Sites on Windows 2000 Advanced Server (Q249603) * How to Configure SSL in a Windows 2000 IIS 5.0 Test Environment Using Certificate Server 2.0 (Q290625) * IISSYNC May Fail If SSL Is Enabled on IIS 5.0/Windows 2000 Cluster (Q288207) * How to Configure the SMTP Resource on a Windows 2000-Based Server Cluster. (Q280400)