Configure a live backup environment by mirroring your production server to a backup server in Cortex XSOAR.
Live Backup enables you to mirror your production server to a backup server, and in disaster recovery scenarios to easily convert your backup server to be the production server.
When using Cortex XSOAR with Elasticsearch, Live Backup is not available. To back up or restore the contents of your Elasticsearch database, follow the instructions for Disaster Recovery for Elasticsearch. Alternatively, you can also implement a full high availability solution.
Caution
Before you start, ensure that you save the disaster recovery configurations before you copy all files.
These instructions do NOT apply to multi-tenant deployments. Instead, follow the Configure Live Backup instructions in the multi-tenant guide.
On the production server, enable live backup.
Go to
→ → → .Verify that the External Host Name is correct.
Click Add Server Configuration.
Add the following key and value.
Key
Value
ui.livebackup
true
Go to Live Backup field, select ON.
→ and in theAdd the following backup server parameters.
Parameters
Value
Hostname/IP Address
Backup server IP address or Host name (without https:// prefix).
Port
Default is 443.
Trust server certificate (unsecured)
ON: certificates are not checked. OFF: certificates are checked.
Use proxy
Select whether to use a proxy.
On the backup machine (with a different host name or IP address), install Cortex XSOAR.
sudo ./demistoserver-xxxx.sh -- -dr -do-not-start-server
Verify that the backup server is accessible from the production server through port 443 (or any other port configured as a listening port). Ensure that there are no firewalls that might drop communication.
On the production server, stop the Cortex XSOAR server:
sudo service demisto stop
On the production server, create a tarball file of the necessary files and folders on the production server and copy it to the backup server.
Note
This process may take several hours, depending on your server specs and the amount of data that needs to be copied.
Ensure that all files and folders located in
/var/lib/demisto
havedemisto:demisto
ownership:chown -R demisto:demisto /var/lib/demisto
Create the tarball file:
tar --ignore-failed-read -pczf demistoBackup.tgz /var/lib/demisto/data /var/lib/demisto/artifacts /var/lib/demisto/attachments /var/lib/demisto/images /var/lib/demisto/systemTools /var/lib/demisto/d2_server.key /usr/local/demisto/cert* /usr/local/demisto/demisto.lic
Sometimes the
demisto.lic
file is located in/var/lib/demisto/demisto.lic
rather than/usr/local/demisto/demisto.lic
. If so, change the directory in the command.If you have not set up a D2 server, you can remove
/var/lib/demisto/d2_server.key
.Verify the integrity of the tar file:
md5sum demistoBackup.tgz
Print the contents of the tar file to a text file:
tar -tvf demistoBackup.tgz > demistoBackup.txt
Do not delete the text file.
Transfer the tarball file (
demistoBackup.tgz
) to the backup server, using your preferred tool such as scp:# scp demistoBackup.tgz root@<yourBackupServerIPortHostname>:/root
On the backup server, check the MD5 Checksum and compare it to the original file to verify the tar file is 100% valid:
md5sum demistoBackup.tgz
The MD5 sum is displayed. Compare this value against the MD5 sum saved in demistoBackup.txt in Step 4.
On the backup server, extract the backup tarball file (original file permissions and ownership are preserved):
sudo tar -C / -xzpvf demistoBackup.tgz
Ensure all the copied files and folders have
demisto:demisto
ownership.Start the backup server:
sudo service demisto start
Start the production server:
sudo service demisto start
If the procedure is successful, Live Backup is ON.
If the server is active, Cortex XSOAR appears as usual when you connect. You can Transition an Active Server to Standby Mode or Transition a Standby Server to Active Mode.