LUCY

User Tools

Site Tools

Trace:
setting_up_a_lucy_master_slave

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
setting_up_a_lucy_master_slave [2019/04/26 15:48] – [Ports and Updates] lucysetting_up_a_lucy_master_slave [2019/10/28 07:39] – [What is a master/slave?] lucy
Line 14: Line 14:
 LUCY's master/slave configuration enables the administrator to create such segregation by associating a "slave" role to a LUCY instance.  LUCY's master/slave configuration enables the administrator to create such segregation by associating a "slave" role to a LUCY instance. 
  
-  * **Master/Slave**: When proxy mode is enabled, Lucy acts as a reverse proxy and pushes all HTTP/S requests to the "master" address, without analyzing the traffic in any way, except the /admin part. You can still access the proxy's admin panel when the proxy is enabled, all other (scenario/static) URLs get forwarded to master. The master is a regular Lucy instance, it just allows proxified requests. So you configure all campaigns on the master, send emails from the master and do nothing on proxy except enabling proxy mode. The master will push all running campaigns to the slave (SSL, virtual hosts, configuration, etc) and get statistics from the slave automatically. When the campaign is stopped, all data is removed from the slave.+  * **Master/Slave**: When proxy mode is enabled, Lucy acts as a reverse proxy and pushes all HTTP/S requests to the "master" address, without analyzing the traffic in any way, except the /admin part. You can still access the proxy's admin panel when the proxy is enabled, all other (scenario/static) URLs get forwarded to master. The master is a regular Lucy instance, it just allows proxified requests. So you configure all campaigns on the master, send emails from the master and do nothing on proxy except enabling proxy mode. The master will push all running campaigns to the slave (SSL, virtual hosts, configuration, etc) and get statistics from the slave automatically. When the campaign is stopped, all data is removed from the slave.
  
-  * **Reflective Master/Slave**: All campaigns & recipients are configured on Master, when launched, the Master pushes everything to the Slave, and pulls the stats from the Slave to the Master. "Victims (end users)" access only the Slave. There is no connection from the Slave to the Master (only Master to Slave). Only running campaigns are published on the Slave, then when a campaign is stopped, it gets wiped from the Slave and stored only on the Master. All mails in such a reflective mode are sent from the slave!+  * **Reflective Master/Slave**: All campaigns & recipients are configured on Master, when launched, the Master pushes everything to the Slave, and pulls the stats from the Slave to the Master. "Victims (end users)" access only the Slave. Only running campaigns are published on the Slave, then when a campaign is stopped, it gets wiped from the Slave and stored only on the Master. All mails in such a reflective mode are sent from the slave!
  
 Please note: There is a caveat with HTTPS - if you generate SSL on master, you have to put it to proxy by hands, as the proxy doesn't automatically interact with master in any way and doesn't exchange information with it.  Please note: There is a caveat with HTTPS - if you generate SSL on master, you have to put it to proxy by hands, as the proxy doesn't automatically interact with master in any way and doesn't exchange information with it. 
Line 24: Line 24:
 The Master/Slave can be configured admin/settings/proxy. If you run LUCY as an external proxy within the DMZ (facing the internet) then you need to choose "the instance type "proxy" and define LUCY's master IP address: The Master/Slave can be configured admin/settings/proxy. If you run LUCY as an external proxy within the DMZ (facing the internet) then you need to choose "the instance type "proxy" and define LUCY's master IP address:
  
-{{ proxy1.png?600 }}+{{:master_slave.png?600|}}
  
 Please contact our support for further help on this topic (support@lucysecurity.com).  Please contact our support for further help on this topic (support@lucysecurity.com). 
Line 31: Line 31:
 ===== Ports and Updates ===== ===== Ports and Updates =====
  
-Both master-slave approaches (reverse proxy and DMZ-based) use only https ports (port 443). A "recipient" is an end user. For a **proxy**, the firewall configuration would be:+Both master-slave approaches (reverse proxy and DMZ-based) use only HTTPS port (443). A "recipient" is an end user. For a **proxy**, the firewall configuration would be:
  
   * master should allow connections from slave to port 443   * master should allow connections from slave to port 443
 +  * master should allow connections from slave to port 25 (if the SMTP method selected for the incidents reporting)
   * master should allow connections from Lucy admin computers to port 443   * master should allow connections from Lucy admin computers to port 443
   * slave should allow connections from "recipients" to ports 443, 80   * slave should allow connections from "recipients" to ports 443, 80
-  * master must be able to send mails via port 25+  * master must be able to send emails via port 25
  
  
Line 44: Line 45:
   * slave should allow connections from master to port 443   * slave should allow connections from master to port 443
   * master should allow connections from Lucy admin computers to port 443   * master should allow connections from Lucy admin computers to port 443
-  * slave must be able to send mails via port 25+  * slave must be able to send emails via port 25
  
-**Updates**: both workstations are updated separately.+**Updates**: both workstations are updated separately and should have access to [[network_communication_-_lucy_--_internet#outbound_communicationsorted_by_port_ip|Lucy Update/License Server]].
  
setting_up_a_lucy_master_slave.txt · Last modified: 2020/09/21 08:55 by lucy