Mandiant, Inc.
System and method for managing formation and modification of a cluster within a malware detection system

Abstract:

A method to ensure availability of a plurality of computing nodes operating within a cluster that analyzes suspicious objects received from geographically remote sensors for malware is described. Responsive to a change in operability of a cluster, a determination is made whether the change is directed to a broker computing node or an analytic computing node. Where the change is a failover experienced by a broker computing node, a determination is made whether the cluster includes a plurality of broker computing nodes, and if not, an analytic computing node is configured to operate as a second broker computing node. For a takeover event, however, a determination is made whether the cluster includes a plurality of broker computing nodes, and if not, the analytic computing node operates as the second broker computing node. The first broker computing node is subsequently placed into an off-line status until maintenance has completed.