Configure Live Backup - Multi-Tenant Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Multi-Tenant Guide

Product: Cortex XSOAR
Version: 6.10
Creation date: 2022-10-13
Last date published: 2024-02-07
End_of_Life: EoL
Category: Multi-Tenant Guide

Ensure you have satisfied all prerequisites before you configure Live Backup.

  • Install and configure a Cortex XSOAR multi-tenant deployment with a main server and at least one host server.

  • Root access.

  • Internet access.

You need to configure Live Backup for the main server and each host server.

Note

You must install the same Cortex XSOAR version and build on all servers.

When using Cortex XSOAR with Elasticsearch, Live Backup is not available. To back up or restore the contents of your Elasticsearch database, follow the instructions in the Elasticsearch documentation. Alternatively, you can implement a full high availability solution. See High Availability Overview.

Live Backup architecture

The example provided assumes a multi-tenant architecture with four servers.

  • Main server (already installed)

  • Host server (already installed)

  • Backup main server

  • Backup host server

Files and folders

These are the files and folders you migrate from the main server and host server to the backup main server and backup host server, respectively.

| File/Folder | Location |
| --- | --- |
| Data | /var/lib/demisto/data |
| Artifacts | /var/lib/demisto/artifacts |
| Attachments | /var/lib/demisto/attachments |
| Images | /var/lib/demisto/images |
| System Tools | /var/lib/demisto/systemTools |
| Tenants | /var/lib/demisto/tenants |
| Public Key | /usr/local/demisto/cert.key |
| PEM file | /usr/local/demisto/cert.pem |
| License | The file is stored in one of the following directories: /usr/local/demisto/demisto.lic or /var/lib/demisto/demisto.lic |

Troubleshooting

When you switch to an active backup server, the Main account URL value is updated automatically after you update the External Host Name. In rare cases, such as a connectivity issue or the main server and host being switched before they update each other, the Main account URL value is not updated. In that case, update the Main account URL value on all host machines by going to Settings > ABOUT > Troubleshooting.

  1. Install and configure Cortex XSOAR on the backup main server.

    1. Run the ./<demistoserver-xxxx.sh> -- -multi-tenant -dr -do-not-start-server command as root user to install Cortex XSOAR.

    2. On the main server machine, set all necessary server configurations, for example, External host name, Archiving, Log Level, and so on.

    3. On the main server machine, go to Settings > ACCOUNT MANAGEMENT > Hosts > New Host/HA Group to download a host installer file.

    4. Get the host installer file by one of the following methods.

      • Download the file.

      • Retrieve the file from the /artifacts folder.

  2. Install and configure the host server and backup host server.

    1. Copy the host installer file from the main server to the backup host server.

    2. On the backup host server machine run the ./<hostinstaller.sh> -- -dr -do-not-start-server command as root user to install Cortex XSOAR.

    3. On the host server machine, set all necessary server configurations, for example, External host name, Archiving, Log Level, and so on.

    4. On the main server machine, go to Settings > ACCOUNT MANAGEMENT and verify that the main server recognizes the host server.

      All statuses should be green.

  3. Configure Live Backup for the main server.

    1. On the main server machine, go to Settings > ACCOUNT MANAGEMENT > Main Hosts. Select the host and click Live Backup.

    2. Enable the Live Backup option.

    3. In the Hostname/IP Address field enter the hostname or IP address of the backup main server.

    4. In the Port field enter the port of the backup main server.

    5. Click Save Live Backup configuration.

  4. Configure Live Backup for the host server.

    1. On the main server machine, go to Settings > ACCOUNT MANAGEMENT > Hosts. Select the host and click Live Backup.

    2. Enable the Live Backup option.

    3. In the Hostname/IP Address field enter the hostname or IP address of the backup host server.

    4. In the Port field enter the port of the backup host server.

    5. Click Save Live Backup configuration.

  5. When prompted, restart the servers.

  6. Shut down the main server and host server in the following order.

    • Main server

    • Host server

  7. For each server (main server and all hosts), create a tarball file of the necessary files and folders and copy it to the backup server.

    1. Ensure that all files and folders located in /var/lib/demisto have demisto:demisto ownership:

      chown -R demisto:demisto /var/lib/demisto

    2. Create the tarball file:

      sudo tar --ignore-failed-read -pczf demistoBackup.tgz /var/lib/demisto /usr/local/demisto/cert.key /usr/local/demisto/cert.pem /usr/local/demisto/demisto.lic

      Sometimes the demisto.lic file is located in /var/lib/demisto/demisto.lic rather than /usr/local/demisto/demisto.lic. If so, change the directory in the command.

    3. Verify the integrity of the tar file:

      md5sum demistoBackup.tgz

    4. Print the contents of the tar file to a text file:

      tar -tvf demistoBackup.tgz > demistoBackup.txt

      Do not delete the text file.

    5. Transfer the tarball file (demistoBackup.tgz) to the backup server, using your preferred tool such as scp:

      scp demistoBackup.tgz root@<yourBackupServerIPortHostname>:/root

    6. On the backup server, check the MD5 Checksum and compare it to the original file to verify the tar file is 100% valid:

      md5sum demistoBackup.tgz

      The MD5 sum is displayed. Compare this value against the MD5 sum saved in demistoBackup.txt in Step 4.

  8. On the backup server, extract the backup tarball file (original file permissions and ownership are preserved):

    sudo tar -C / -xzpvf demistoBackup.tgz

  9. Ensure all the copied files and folders have demisto:demisto ownership.

  10. Start the servers in the following order.

    • Backup main server

    • Backup host server

    • Main server

    • Host server

  11. When all servers are up, confirm that Live Backup is running successfully.

    1. On the main server machine, go to Settings > ADVANCED > Backups and verify that there are no errors.

    2. (Recommended) Create an incident on each tenant account and verify that there are no errors.
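
The checks in steps 7 to 9 can be scripted so that the reference checksum travels with the tarball and the archive contents are inspected before it is extracted as root under /. The following is an added example, not part of the Cortex XSOAR documentation or product; the function names and the .sha256 sidecar file are assumptions, and it uses sha256sum in place of the md5sum shown above because MD5 detects a damaged transfer but not a deliberately modified file.

```shell
#!/bin/sh
# Added example, not Cortex XSOAR code. Function names and the ".sha256"
# sidecar file are assumptions made for this illustration.

# record_checksum FILE: store FILE's SHA-256 beside it as FILE.sha256, so the
# reference value is copied with the tarball rather than compared by eye.
record_checksum() {
    ( cd "$(dirname "$1")" && f=$(basename "$1") && sha256sum "$f" > "$f.sha256" )
}

# verify_checksum FILE: 0 = match, 1 = mismatch, 2 = no recorded checksum.
verify_checksum() {
    [ -f "$1.sha256" ] || return 2
    ( cd "$(dirname "$1")" &&
      sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 ) || return 1
}

# unexpected_members TARBALL: print member names that contain ".." or fall
# outside the paths from step 7 (tar drops the leading "/" when archiving).
# Names only; run it before "tar -C / -x", which writes as root under "/".
unexpected_members() {
    tar -tzf "$1" | awk '
        /(^|\/)\.\.(\/|$)/ { print; next }
        /^var\/lib\/demisto(\/|$)/ { next }
        /^usr\/local\/demisto\/(cert\.key|cert\.pem|demisto\.lic)$/ { next }
        { print }'
}

# wrong_owner DIR USER GROUP: print paths under DIR not owned by USER:GROUP.
# Step 9 expects no output for: wrong_owner /var/lib/demisto demisto demisto
wrong_owner() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# Source server: record_checksum demistoBackup.tgz, then copy both files.
# Backup server: verify_checksum demistoBackup.tgz and confirm that
#                unexpected_members demistoBackup.tgz prints nothing.
```

Copy demistoBackup.tgz.sha256 to the backup server together with the tarball; verify_checksum returns 2 when that file is missing.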