Viewing information about a cluster node

To view information about a cluster node:

1. In the application web interface window, select the Nodes section.
2. Select the node whose information you want to view.

   A window containing information about the node opens.

The window contains the following information depending on server type:

1. Node information settings group:
   • Certificate fingerprint is the certificate fingerprint of the server.

     Information that can be used to confirm the authenticity of a server certificate. The fingerprint is created by applying a cryptographic hash function to the content of the server certificate.

   • Virtualization technology is the name of the virtualization platform.

     The following values are possible:

     • ACRN
     • bhyve (FreeBSD hypervisor)
     • Bochs Emulator
     • Linux KVM
     • Microsoft Hyper-V
     • Not used means that the application is installed on a physical server.
     • Oracle VM VirtualBox
     • Parallels Desktop or Server
     • QEMU
     • QNX
     • UML (user-mode Linux)
     • VMware Workstation or Server
     • Xen
     • z/VM

     Kaspersky Secure Mail Gateway supports Microsoft Hyper-V and VMware ESXi hypervisors. The application is not guaranteed to work with other hypervisors.

   • Comment is additional information about the node. Optional setting.
   • Current server role is the role of the current node in the cluster.
   • Scan threads is the number of message streams that Kaspersky Secure Mail Gateway can scan simultaneously.
2. Settings settings group:
   • For the Control node:
     • Applied refers to the last time when settings were successfully applied to application modules.
     • Time is the state of time synchronization with the hypervisor and the NTP server.
   • For a Secondary node:
     • Synchronized refers to the last time when settings were successfully received from the Control node. If settings were received, you can assign the Control role to this Secondary node without losing the defined settings.
     • Applied refers to the last time when settings were successfully applied to application modules.
3. Database information settings group:
   • Database update is the state of the application databases and the result and time of their last successful update.
   • Anti-Virus is the state of the Anti-Virus module databases.
   • Anti-Phishing is the state of the Anti-Phishing module databases.
   • Anti-Spam is the state of the Anti-Spam module databases.

   The following values are possible:

   • Databases are up to date.
   • Databases are out of date.
   • Databases are obsolete.
   • Bases error.
4. External services settings group:
   • KSN/KPSN status is the status of the connection to KSN/KPSN services.
   • KATA status is the state of the connection to the KATA server (displayed only when KATA integration is configured).
   • Kerberos keytab file status is the existence of SPN entries about all Secondary nodes in the keytab file (displayed only if Kerberos authentication is enabled).
   • LDAP status settings group (displayed only if integration with an Active Directory domain is configured):
     • Connection is the date and time of the last successful connection to the Active Directory domain controller.
     • Data for rules match is the date and time of the last successful update of user account data used for selecting traffic processing rules.
     • User accounts autofill is the date and time of the last successful update of data used for autocompletion of user names in the application web interface.

     If at least one of these steps results in an error, the cluster nodes table shows an error message.

     If duplicated data is found in accounts after successful synchronization with the Active Directory domain, a warning is displayed in the table of cluster nodes and in the LDAP status group of settings. The following data are checked for duplicates:

     • Names of all domain users. For users with duplicate names, Active Directory spoofing protection and personal allow and denylists do not work, messages are not placed in personal Backup, and personal lists are not available in the application.
     • Groups to which domain users belong. For groups with duplicated names, protection against Active Directory spoofing is disabled.
     • Active Directory contacts. For contacts with duplicated names, protection against Active Directory spoofing is disabled.
     • Kerberos user accounts. For users with duplicate Kerberos names, personal allow and denylists do not work, messages are not placed in personal Backup, and personal lists are not available in the application.
     • NTLM user accounts. For users with duplicate NTLM names, personal allow and denylists do not work, messages are not placed in personal Backup, and personal lists are not available in the application.
     • Email addresses of domain users. Messages intended for duplicated addresses are not placed in users' personal Backup, and personal allow and denylists of sender addresses are not applied to duplicated addresses.

     You can save the data of duplicated accounts to a file. To do so, in the warning area click Save duplicates to CSV.

5. Server time settings group (displayed only for Secondary nodes):
   • Time is the status of time synchronization with the following:
     • Server hosting the Control node
     • Hypervisor
     • NTP server

   If the status is Failure, you can copy error information to the clipboard by clicking the button to the right of the status.

6. License information settings group:
   • License expiration date.
   • License is the information about the status of the license key (for an active license key, expiration date and the number of days to expiration is also displayed).
   • Program is the name of the application for which the added license key was issued.
   • Functionality level is the application operation mode depending on the added license key.
   • License type is the type of license (trial, commercial, or subscription).
   • Serial number is the serial number of the license key.