Distributed solution and multitenancy

You can configure settings of each Central Node component individually or manage several components in a centralized way in distributed solution mode.

The distributed solution is a two-tier hierarchy of servers with Central Node components installed. This structure sets apart a primary control server known as the Primary Central Node (PCN) and secondary servers known as Secondary Central Nodes (SCN). Interaction of servers requires connecting SCN to PCN.

If you have deployed the Central Node component as a cluster, the entire cluster takes on the role of a PCN or SCN.

PCN and SCN scan files and objects using the same technology as the individually managed Central Node component.

The distributed solution allows centralized management of the following functional areas of the application:

• Users.
• Alerts.
• Threat Hunting.
• Tasks.
• Prevention.
• Custom rules.
• Storage.
• Endpoint Agents, including network isolation of hosts.
• Reports.

If you are supporting multiple organizations or branch offices of the same organization, you can use the application in multitenancy mode.

Multitenancy mode lets you use the application to simultaneously protect the infrastructure of multiple organizations or branch offices of the same organization (hereinafter also referred to as "tenants"). You can install Kaspersky Anti Targeted Attack Platform on one or more Central Node for each tenant. Each tenant can manage the application independently from other tenants. The service provider can manage the data of multiple tenants.

For each user account, the number of simultaneous application management sessions is limited to one IP address. If the same user name is used to log in to the application from a different IP address, the earlier session is terminated.

If you are using the distributed solution and multitenancy mode, the limit is enforced for each PCN and SCN server separately.

Operation of the application in distributed solution mode

You can use the distributed solution and multitenancy mode in the following cases:

• To protect more than 10,000 hosts of a tenant
• For centralized management of the application in different business units of the tenant
• For centralized management of the application on servers of multiple tenants

When the application switches to the distributed solution and multitenancy mode, all previously added license keys are deleted from servers with the SCN role. Each connected SCN receives a key from the PCN. If full functionality of the application is used for the PCN (KATA and KEDR key), and partial functionality is used for the SCN (only KATA key or only KEDR key), the SCN server load limit may be exceeded because of the increased volume of data. If partial application functionality is used for the PCN (only KATA key or only KEDR key), and full functionality is used for the SCN (KATA and KEDR key), the application functionality is partially unavailable.

License keys can be managed only on the PCN.

You can use the following scenarios to deploy the application in distributed solution and multitenancy mode:

• Install the Central Node component on new servers and assign PCN and SCN roles to those servers.
• Assign PCN and SCN roles to servers that already have the Central Node component installed.

  In this case, you must upgrade the Central Node component to version 5.1.

  Before you switch servers with Central Node components installed to distributed solution mode, you should review the changes that will be applied to the system after the operating mode is changed. Assigning the PCN role to a server is irreversible.