
Single Node Cluster

A Single-node cluster deployment sets up a cluster on a single node, which simplifies the process and reduces hardware requirements.

A Single-node cluster does not provide High Availability, which makes it unsuitable for production environments. Single-node cluster deployment is primarily intended for testing and Proof of Concept (POC) purposes.

There are 4 stages of deployment in a Standalone Single-node cluster:

  1. Installing HySecure VM
  2. Post VM installation (Preboot execution)
  3. Installing HySecure Client
  4. Configuring Cluster Services

Deployment Architecture

Prerequisites

  • Download the latest HySecure ISO image.

  • Three free Static IP addresses on the LAN:

    1. Primary node: To be assigned to the primary node of HySecure.

    2. Secondary node: To be assigned to the secondary node, which is essential for configuring the cluster.

    3. Floating IP: To be assigned for the load balancing.

    Note

    In a Single node cluster, the secondary node is only required for assignment purposes. We will not configure the secondary node here.

  • Access the HySecure node on port 443 using a Windows system with an HTML5-supported browser, such as Microsoft Edge, Google Chrome, or Mozilla Firefox, for post-installation configuration.

    Note

    The setup requires an HTML5-supported browser. Make sure the browser on the system meets the requirements outlined by HySecure.

  • DNS server’s IP address: The IP address of the DNS server that the HySecure gateway will use for domain name resolution. This ensures that HySecure can resolve domain names to IP addresses.

  • NTP Server address: The Network Time Protocol (NTP) server address that HySecure will synchronize with. This is crucial for maintaining accurate time across the network and ensuring that certificates and system logs are correctly timestamped.

  • External certificate in PEM format with a private key (Optional): You can optionally use an external SSL/TLS certificate (in PEM format) with a private key for secure HTTPS connections to HySecure. If an external certificate is not available, HySecure can also create a self-signed certificate post-installation for Security Officer user login.

Network Ports

| Source | Destination | Purpose | Port No | Protocol | If the port is not open |
|---|---|---|---|---|---|
| HySecure Client | HySecure Virtual IP | User login, app launch | 443 (port must be reachable on the gateway) | HTTPS | User login fails |
| Windows System | HySecure Node | Admin login for administration, app launch | 443 | HTTPS | User login fails |

Sizing Guidelines

A Single node cluster deployment is recommended only for Proof of Concept and testing.

For more details refer to the Sizing Guidelines.

Deployment Steps

Installing HySecure VM

  1. Create a VM with 4 vCPU, 2GB Memory, and 60 GB vDisk. Attach the latest version of the HySecure ISO image to VMware ESXi 6.x/7.x/8.x or Hyper-V. Here, for demonstration purposes, we have created a HySecure VM on VMware ESXi.

  2. Power On the VM. The installation will begin automatically.

  3. Upon completion, the VM will reboot automatically, and the login screen will be presented.

  4. Enter the credentials and the numeric option as shown in the image.
    Enter 1 to modify the Network Configuration.

  5. Enter 1 to manually configure a static IP address. Enter IP address, Netmask, and Gateway details.
    Enter Y to save the configuration.
    Enter R to go to the previous menu.

  6. Enter 2 to set the Hostname.

  7. Enter Y to save the configuration.
    Press Enter to continue.

Following the above steps, you have successfully installed the HySecure VM using the HySecure bootable installation ISO image.

Post VM installation (preboot execution)

After successfully installing the HySecure VM, the next step includes preboot execution. This will ensure that the VM is correctly configured and prepared for operational use.

The following steps will guide you through the necessary actions to complete the post-installation setup and prepare the HySecure VM.

  1. Open the Web browser and enter the website address as the static IP configured on the VM. For example, browse https://10.10.208.16 and click on Configure HySecure Now.

  2. Accept the License Agreement. Check the I accept the terms and conditions box and click Submit.

  3. Select the configuration type Installing HySecure Gateway on Physical Host/Virtual machine from the System Configuration window and click Submit.

  4. Set the Hostname, DNS server IP address, Time Zone, and NTP Servers. Set an SSH password for the Gateway. If you prefer not to set a password, select the Use Default Password option. Click Submit.

    Note

    • Configure the internal NTP Server. Internet access is required to reach the external NTP server.
    • NTP Server configuration is required to keep the time on all nodes in the cluster in sync.

  5. Select the Configuration Method for the gateway as Setup a New Installation and click Continue.

  6. On the Certificate Authority Mode selection window, select Default Accops Internal CA to have the HySecure gateway create a self-signed certificate. Alternatively, select External CA to upload an external certificate in PEM format with a private key, if one is available. Click Submit.

  7. Navigate to the SSL Certificate creation platform provided by the Certificate Authority (CA).

  8. Enter the details to Create SSL Certificate. The CA created is used to create a certificate for the HySecure admin, which is called a Security Officer Account (SO account). Click Submit and wait for a few seconds for the operation to complete.

  9. A success message and the Passphrase will be displayed. Copy the Passphrase before closing the browser window.

Following the above steps, you have completed the preboot execution post-VM installation.

Installing HySecure Client

After completing the preboot process, the next essential step is to install the Windows HySecure Client.

The Windows HySecure Client is imperative for secure access to the HySecure management console. This ensures that all administrative operations are executed securely, thereby protecting the cluster from unauthorized access and potential security threats.

Note

  1. Administrative privileges are NOT supported on Mac and Linux platforms.
  2. It is recommended to use the latest version of an HTML5-supported browser, such as Edge, Chrome, or Firefox, to access the HySecure Management Console.

Follow the steps below to install the HySecure Client:

  1. Download HySecure Client:

    1. From the Windows system, open an HTML5-supported web browser (Microsoft Edge, Google Chrome, or Mozilla Firefox).
    2. Enter the HySecure VM IP address to access the download page.
    3. Download the HySecure Client.

  2. Install the HySecure Client (Admin privileges are required):

    1. Locate the downloaded executable file and run it.
    2. Follow the installation wizard steps to complete the installation.
  3. Launch the HySecure Client:

    1. After installation, launch the HySecure Client by entering the HySecure VM IP address in the client interface.
    2. Select the option Login with a digital certificate.
    3. Click the Action to enroll the Security Officer (SO) account.

  4. Enter the Passphrase and Set a Password:

    1. Enter the Passphrase that was created during the preboot execution process.
    2. Set a new password for the Security Officer (SO) account.
    3. Click Submit to complete the Enrollment.

  5. Log in and Access the Management Console:

    1. Open a HySecure client instance. Select the box Log in with a digital certificate and enter the password. Click Login.
    2. The browser will open automatically and display the HySecure Management Console.

The HySecure Client is now installed successfully.

Configuring Cluster Services

To create and configure cluster services on the HySecure VM, follow the steps below:

  1. Launch the HySecure Client and log in as a Security Officer (SO). To create a new cluster from the HySecure Management console, navigate to Settings > Cluster, then click Configure.

    1. Click the option Create a new cluster and select the role of node as Active Load Balancer.
    2. Enter the following Cluster Details:
      • Virtual IP: Any unused IP address on the network. It should be from the same subnet as the HySecure VM.
      • Netmask: Enter the Subnet mask.
      • Select Virtual Interface: Select the virtual interface option eth0.
      • Click Submit.

    The following STATUS will appear after enabling the cluster: Successfully converted to HA Primary Node.

  2. To configure the newly created cluster from the management console:

    1. Navigate to Apps > Add.
    2. Add a new HTTP-type application and set the Application Server Address as the virtual IP address, and set the port as 3636. Provide the URL as http://hysecure_virtual_IP_address:3636.

    3. Navigate to Apps > App Groups > Add. Create a High-Security application group and add the application created above to this group.

    4. Navigate to Policies > ACL > Add. Create an Application-Based Access control using Native as the Authorization Server for high-security users for the SYSTEM user group and assign the newly created High-Security application group.

    5. Navigate to Settings > Services Config > Gateway State and change the Gateway state to Run State.

    6. Log out of the HySecure Client and re-login. The Configuration page will now be accessible.

    7. Navigate to Settings > Cluster > Configure. If the page does not appear, open a new tab in the browser and type the URL: http://HySecureIP:3636/secure/global_settings.php

    8. Enter the Environment details and click Save.

      • Virtual IP Address and Netmask: Same as configured during the cluster creation.

      • Primary IP Address: The static IP address assigned to the HySecure VM.

      • Backup Static IP Address: Any unused Static IP address from the same subnet as the HySecure VM.

    9. Click Add to add a node to a cluster. Enter the details and click Save.

      • Server name: Enter the server identifier.
      • Server IP address: It should be the eth0 IP address of the HySecure VM.
      • Server Weight: Keep the default value.

    10. Click Save, then click Reload Service.

    11. Click Monitor to view the status.

      • The pop-up will appear when connected to Standby/Real.
        The administrator can verify this by checking the role label (Active, Real, or Standby) next to the IP address.
      • Gateway IP address: Displays the node you are logged into.
      • Cluster Nodes Information: Displays the available nodes in a cluster and shows whether the services are running properly.
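
A pre-flight check for the address plan this procedure relies on: three static addresses, with the virtual and backup addresses unused and in the same subnet as the HySecure VM. This is an added example, not Accops code; the function name, the `in_use` inventory and every sample address other than 10.10.208.16 are assumptions.

```python
import ipaddress


def check_address_plan(primary, backup, virtual, netmask, in_use=()):
    """Return a list of problems found in a single-node cluster address plan.

    primary/backup/virtual are the three static addresses from the
    prerequisites; in_use is an optional inventory of addresses already
    taken on the LAN (an assumption: the page only says "unused").
    """
    try:
        # Subnet of the HySecure VM, derived from its own IP and netmask.
        subnet = ipaddress.ip_network(f"{primary}/{netmask}", strict=False)
    except ValueError as exc:
        return [f"primary/netmask: {exc}"]

    taken = {ipaddress.ip_address(a) for a in in_use}
    edges = (subnet.network_address, subnet.broadcast_address)
    problems, seen = [], {}
    roles = (("primary", primary), ("backup", backup), ("virtual", virtual))
    for role, text in roles:
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            problems.append(f"{role}: {text!r} is not a valid IP address")
            continue
        if addr not in subnet:
            problems.append(f"{role}: {addr} is outside {subnet}")
        elif subnet.prefixlen < 31 and addr in edges:
            problems.append(f"{role}: {addr} is the network or broadcast address")
        if addr in seen:
            problems.append(f"{role}: {addr} duplicates the {seen[addr]} address")
        seen.setdefault(addr, role)
        # The VM already owns the primary address; the other two must be free.
        if role != "primary" and addr in taken:
            problems.append(f"{role}: {addr} is already in use on the LAN")
    return problems


# Constructed sample plan: 10.10.208.16 is the example VM address on the page,
# the remaining values are made up for illustration.
if __name__ == "__main__":
    found = check_address_plan(
        primary="10.10.208.16", backup="10.10.208.17",
        virtual="10.10.209.20", netmask="255.255.255.0",
        in_use=["10.10.208.17"],
    )
    for line in found or ["address plan is consistent"]:
        print(line)
```

Run it before entering the Virtual IP, Netmask and Backup Static IP Address in the cluster settings; an empty result means the plan is internally consistent, not that the addresses are free on the live network.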

Conclusion

This single-node deployment option involves setting up all cluster components on a single node. It involves configuring network settings, installing the necessary software, and creating SSL certificates for secure communication. However, it is crucial to recognize that this setup should only be used in non-production scenarios to avoid potential downtime and performance issues.

For the production environment, it is recommended that two-node or multi-node cluster deployments be explored. They can provide the necessary scalability, reliability, and High Availability to meet high operational demands effectively.