9.2. Multi-node deployment

Metadefender Core is designed to support scaling of the scanning infrastructure by distributing scan requests among several scan nodes. The benefit of having such a distributed infrastructure is that based on node loads, Metadefender Core server can always choose the most appropriate node to assign a new scan task to. In case of high scan load, node tasks are well-balanced to provide robust load balancing.

Metadefender Core servers allow connections from several nodes. The server-node communication is unsecured. Therefore it is advisable to configure a dedicated virtual LAN and open only the respective ports. Alternatively you can set up an ssl-tunnel to encrypt data-flow.

Setting up several Metadefender Core nodes

After activation of the product it is possible to connect as many nodes to your server is allowed by the purchased license. Please note that there is a node running on the Metadefender Core server itself.

The Metadefender Core server needs to be installed on a dedicated server, and the nodes on other machines, using the installation packages applicable to your distribution. To set up multiple nodes both the configuration of the server and the nodes are to be changed according to the following paragraphs.

Installing additional Metadefender Core Node instances

Windows

There are two options to install a node on Windows systems:

  • With Install Wizard:
    Run the installer (.msi file) and follow the instructions.

  • Using command line interface:

    msiexec /i <msi file name> <option key>=<option value>

    where the possible keys and their default values are the following:

    Key

    Default Value

    Description

    SERVERPORT

    8007

    (in versions before v4.9.0: 8009)

    The value should match to the port value defined on the Metadefender Core server.

    SERVERADDRESS

    -

    The value should be the IP address that the Metadefender Core server listens on for accepting external node connections.

Linux

If the Metadefender Core Node package dependencies are not installed on your system you may need to have a working Internet connection or you may have to provide the Installation media during the installation. Consult your Operating System documentation on how to use Installation media as a package repository.

Debian package (.deb)

sudo dpkg -i <filename> || sudo apt-get install -f

On Red Hat Enterprise Linux / CentOS package (.rpm)

sudo yum install <filename>

Setup on the server machine on Linux

  1. Open the configuration file /etc/ometascan/ometascan.conf

  2. Within [global] section create a new entry called address. The value should be the IP address of network interface you want the server be accepting nodes on. If you want to allow all interfaces for this purpose you can either skip this step or define value 0.0.0.0 to this field.

  3. Within [global] section create a new entry called port on with the server accepts connections. The suggested value is 8007.

  4. Restart ometascan service using your distribution service manager utility.

    [global]
    ...
    address=0.0.0.0
    port=8007
    ...

Setup on the node machine(s) on Linux

  1. Open the configuration file /etc/ometascan-node/ometascan-node.conf on the node machine

  2. Within [global] section create an new entry called serveraddress. The value should be the IP address of the server. If defined at server side these addresses should match.

  3. Within [global] section create an new entry called serverport of which the value should match to the port value defined at server side.

  4. Restart ometascan-node service using your distribution service manager utility

    [global]
    ...
    serveraddress=<server IP>
    serverport=8007
    ...

Setup on the server machine on Windows

  1. Open the key HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metascan\global in Windows Registry

  2. Within global key create a new string value called address. The value should be the IP address of network interface you want the server be accepting nodes on. If you want to allow all interfaces for this purpose you can either skip this step or define value 0.0.0.0 to this field.

  3. Within global key create a new string value called port on with the server accepts connections. The suggested value is 8007.

  4. Restart OPSWAT Metadefender Core service.

Setup on the node machine(s) on Windows

  1. Open the key HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metascan Node\global in Windows Registry

  2. Within global key create an new string value called serveraddress. The value should be the IP address of the server. If defined at server side these addresses should match.

  3. Within global key create an new string value called serverport of which the value should match to the port value defined at server side.

  4. Restart OPSWAT Metadefender Node for Core service.

Note that after specifying the port value in the server configuration, you should set the configuration file of the node which is installed on the server machine.

After these steps Metadefender Core server starts deploying scan engines and malware databases onto the connected nodes, which will be shown on the Metadefender Core web interface in the Inventory Scan nodes menu.