Add a Host - Multi-Tenant Guide - EoL - 6.11 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Multi-Tenant Guide

Product
Cortex XSOAR
Version
6.11
Creation date
2022-12-12
Last date published
2024-07-16
Category
Multi-Tenant Guide
End of Life > EoL
Abstract

Add a new host server and scale out Cortex XSOAR multi-tenant deployments by spreading tenants across host servers.

We recommend that you continually monitor your servers' CPU, memory, and storage usage. When capacity is reached, consider moving tenants to a new host server.

The host installation package installs and configures the new host, including the settings that will automatically connect the new host to your existing main server.

You can use the same package for all hosts that you want to add, unless you need to change the server's External Host Name or the default admin. In this case, you need to create a new host installer package for each host.

You access a new host with the multi-tenant default admin credentials that generates the host installation file.

All machines (hosts and main accounts) must be time synced, even if they are located in different time zones.

The host machine must meet the Multi-Tenant Sizing Requirements.

If creating a host group, follow the same procedure, but you need to add the Elasticsearch cluster URL and the Elasticsearch index prefix. The index prefix enables the indexing of term prefixes to speed up prefix searches. All hosts must have same specifications.

Note

  • Once the main host servers are highly available, you can no longer host new accounts on those servers. Existing accounts on the Main host will still exist, but are not highly available. In this situation, Cortex XSOAR recommends that you move the accounts from the Main host to an HA group.

  • Run all installation commands as root user.

  1. In Cortex XSOAR, go to SettingsACCOUNT MANAGEMENT.

  2. Click the Hosts tab and select New Host from the New Host/HA Group dropdown menu on the right.

  3. When prompted, click the Download button to download and save the installation package.

  4. On the new host server machine, run the chmod +x demistohost-xxx.sh command to make the installer package an executable file.

  5. Run the sudo ./demistohost-xxx.sh command to install the host package.

  6. When prompted, enter the listening port used by the Cortex XSOAR server.

    The default listening port is 443.

After you add a host, the host UI is accessible, but there is no content. It serves as a proxy to the tenant accounts from the main account.

Troubleshooting

If the new host does not appear in the ACCOUNT MANAGEMENT page, try the following.

  • Check the status of the host to make sure that the new service is up and running. Try restarting the host server, and if the issue persists, check the logs for potential errors. You can connect to the host using a browser with the Cortex XSOAR server default admin user to access logs and view status.

  • Check that there are no firewalls or other network devices that might block access from the new host to the Cortex XSOAR server. You can try telnet or curl from host to the Cortex XSOAR server listening port (default is 443 default) to check if the server is accessible.

  • If the host does not connect, log in to the host machine and make sure you can reach the external hostname defined on the main machine.