Ensure you have satisfied all prerequisites before you configure Live Backup.
Install and configure a Cortex XSOAR multi-tenant deployment, a main server and at least one host server.
Root access.
Internet access.
You need to configure Live Backup for the main server and each host server.
Note
You must install the same Cortex XSOAR version and build on all servers.
When using Cortex XSOAR with Elasticsearch, Live Backup is not available. To back up or restore the contents of your Elasticsearch database, follow the instructions in the Elasticsearch documentation. Alternatively, you can also implement a full high availability solution.
Live Backup architecture
The example provided assumes a multi-tenant architecture with four servers.
Main server (already installed)
Host server (already installed)
Backup main server
Backup host server
Files and folders
These are the files and folders you migrate from the main server and host server to the backup main server and backup host server, respectively.
File/Folder | Location |
---|---|
Data | |
Artifacts | |
Attachments | |
Images | |
System Tools | |
Tenants | |
Public Key | |
PEM file | |
License | The file is stored in one of the following directories: |
Troubleshooting
When switching to an active backup server, after updating the External Host Name, the Main account URL value is updated automatically. In rare cases where there is a connectivity issue, or the main server and host are switched before updating each other (the Main account URL value was not updated), you need to update the Main account URL value by going to → → on all host machines.
Install and configure Cortex XSOAR on the backup main server.
Run the ./<demistoserver-xxxx.sh> -- -multi-tenant -dr -do-not-start-server command as root user to install Cortex XSOAR.
On the main server machine, set all necessary server configurations, for example, External host name, Archiving, Log Level, and so on.
On the main server machine, go to → → → to download a host installer file.
Get the host installer file by one of the following methods.
Download the file.
Retrieve the file from the /artifacts folder.
Install and configure the host server and backup host server.
Copy the host installer file from the main server to the backup host server.
On the backup host server machine, run the ./<hostinstaller.sh> -- -dr -do-not-start-server command as root user to install Cortex XSOAR.
On the host server machine, set all necessary server configurations, for example, External host name, Archiving, Log Level, and so on.
On the main server machine, go to → and verify that the main server recognizes the host server.
All statuses should be green.
Configure Live Backup for the main server.
On the main server machine, go to → → . Select the host and click Live Backup.
Enable the Live Backup option.
In the Hostname/IP Address field enter the hostname or IP address of the backup main server.
In the Port field enter the port of the backup main server.
Click Save Live Backup configuration.
Configure Live Backup for the host server.
On the main server machine, go to → → . Select the host and click Live Backup.
Enable the Live Backup option.
In the Hostname/IP Address field enter the hostname or IP address of the backup host server.
In the Port field enter the port of the backup host server.
Click Save Live Backup configuration.
When prompted, restart the servers.
Shut down the main server and host server in the following order.
Main server
Host server
For each server (main server and all hosts), create a tarball file of the necessary files and folders and copy it to the backup server.
Ensure that all files and folders located in /var/lib/demisto have demisto:demisto ownership:
chown -R demisto:demisto /var/lib/demisto
Create the tarball file:
sudo tar --ignore-failed-read -pczf demistoBackup.tgz /var/lib/demisto /usr/local/demisto/cert.key /usr/local/demisto/cert.pem /usr/local/demisto/demisto.lic
Sometimes the demisto.lic file is located in /var/lib/demisto/demisto.lic rather than /usr/local/demisto/demisto.lic. If so, change the directory in the command.
Verify the integrity of the tar file:
md5sum demistoBackup.tgz
Print the contents of the tar file to a text file:
tar -tvf demistoBackup.tgz > demistoBackup.txt
Do not delete the text file.
Transfer the tarball file (demistoBackup.tgz) to the backup server, using your preferred tool such as scp:
scp demistoBackup.tgz root@<yourBackupServerIPortHostname>:/root
On the backup server, check the MD5 Checksum and compare it to the original file to verify the tar file is 100% valid:
md5sum demistoBackup.tgz
The MD5 sum is displayed. Compare this value against the MD5 sum saved in demistoBackup.txt in Step 4.
On the backup server, extract the backup tarball file (original file permissions and ownership are preserved):
sudo tar -C / -xzpvf demistoBackup.tgz
Ensure all the copied files and folders have demisto:demisto ownership.
Start the servers in the following order.
Backup main server
Backup host server
Main server
Host server
When all servers are up, confirm that Live Backup is running successfully.
On the main server machine, go to → → and verify that there are no errors.
(Recommended) Create an incident on each tenant account and verify that there are no errors.
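The tarball, checksum, transfer-check and extract steps above, as an added shell example that is not part of the Cortex XSOAR documentation: it records a SHA-256 digest in a sidecar file (used here in place of md5sum), creates the archive readable by its owner only because it contains cert.key, and refuses to extract an archive that fails verification. The function names and the .sha256 sidecar file are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not Cortex XSOAR code. Function names and the
# .sha256 sidecar file are assumptions made for this sketch.

# make_backup ARCHIVE PATH... : run on the source server after shutdown.
make_backup() {
    local archive="$1"; shift
    # The archive contains cert.key, so create it readable by its owner only.
    ( umask 077; tar --ignore-failed-read -pczf "$archive" "$@" ) || return 1
    # Record the digest and the member listing beside the archive.
    ( cd "$(dirname "$archive")" &&
      sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256" ) || return 1
    tar -tvzf "$archive" > "${archive%.tgz}.txt"
}

# verify_backup ARCHIVE : run on the backup server after the transfer.
# Succeeds only if the digest matches the sidecar and every member is readable.
verify_backup() {
    local archive="$1"
    ( cd "$(dirname "$archive")" &&
      sha256sum -c "$(basename "$archive").sha256" ) >/dev/null 2>&1 || return 1
    tar -tzf "$archive" >/dev/null 2>&1
}

# restore_backup ARCHIVE DEST : extract only an archive that verified.
restore_backup() {
    verify_backup "$1" || { echo "refusing to extract $1: verification failed" >&2; return 1; }
    tar -C "$2" -xzpf "$1"
}

# not_owned_by DIR USER GROUP : print paths whose owner or group differs.
# Empty output means the whole tree is USER:GROUP.
not_owned_by() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}
```

On the servers described here, make_backup would take the paths from the tar command above, restore_backup would extract to /, and not_owned_by /var/lib/demisto demisto demisto should print nothing. Copy the .sha256 file to the backup server together with the archive.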