In the event of an active server failure where the server cannot be restored (flooding, fire, meteor impact, hardware failure, etc.), follow these steps to convert the backup server to the new production server and then configure a new backup server.
(Multi-tenant) - In a multi-tenant deployment, each machine (main account and host machines) has its own backup server. You can switch from the production server to the backup server for any or all of the machines in your deployment.
Before you start you need to Configure the Live Backup Environment.
On the standby server, follow the steps in Transition a Standby Server to Active Mode.
If your analysts use a single, pivoting host name to connect to the active Cortex XSOAR server, update your DNS record to re-point your Cortex XSOAR server host name to the now active server. For more information about host names, see Host Names, DNS, and Disaster Recovery.
If using engines, confirm that they are connected in→ → .
If they have not reconnected and you have confirmed that network connectivity is good between the engine and the now active (previously backup) server (i.e., it is reachable on TCP 443 or the port you have configured), then follow the guidance in Host Names, DNS, and Disaster Recovery.
Obtain a new server environment according to your requirements.
Do not install Cortex XSOAR until step 5.
Follow the procedure for Configure the Live Backup Environment using your now-active server as the primary host, and copying its files and data to the newly-built Cortex XSOAR server. Confirm that Live Backup is working.
If appropriate for your environment (depends on whether you want to remain on the present active node), transition the active node over to the newly-built host by following the procedure Transition an Active Server to Standby Mode and confirming that Live Backup is again operational.
If applicable, follow Step 3 to reconfirm that engines are connected.
Re-point your shared DNS record, if applicable, back to the primary Cortex XSOAR server and have analysts reconnect.
Confirm that Cortex XSOAR is working by confirming that your integrations are working properly, incidents are being created normally, and that analysts can login and work normally in Cortex XSOAR.