Understand Cortex XSOAR engine architecture, load balancing groups, installation and configurations.
Cortex XSOAR engines are installed in a remote network and allow communication between the remote network and the Cortex XSOAR server. You can run scripts and integration commands on an engine. It is possible to install a single engine or multiple engines.
You can install multiple engines on the same machine (Shell installation only) which is useful in a dev-prod environment where you do not want to have numerous engines in different environments, and to manage those machines. In a multi-tenant environment, users may want to deploy engines for tenants on the same machine, and you can share an engine between tenants.
Note
You cannot share a multiple engine installation with a single engine installation.
An engine is implemented as follows.
Engine Proxy
Cortex XSOAR engines enable the Cortex XSOAR server to access internal or external services that are otherwise blocked by a firewall or a proxy, etc. For example, if a firewall blocks external communication and you want to run the Rasterize integration, you need to install an engine to access the Internet.
Engine Architecture
Within the network, you need to allow the engine to access the Cortex XSOAR server's IP address and listening port (by default, TCP 443). The engine always initiates the communication to the server.
Engine Load-Balancing
Engines can be part of a load-balancing group, which enables distribution of the command execution load. The load-balancing group uses an algorithm to efficiently share the workload for integrations that the group is assigned to, thereby speeding up execution time. In general, heavy workloads are caused by playbooks that run a high number of commands.
Before configuring an integration to run using multiple engines in a load-balancing group, it is recommended that you test the integration using a single engine in the load-balancing group.
Note
When you add an engine to a load balancing group, you cannot use that engine separately. The engine does not appear in the engines drop-down menu when configuring an integration instance.
Engine Installation and Configuration
You can Install an Engine on Linux and Windows machines. After installing the engine, you can configure and manage engines, including setting a web proxy, adding and removing engines, configuring the number of workers, etc. Before installing, review the the system requirements in Install an Engine.
Note
You need to install Docker before installing an engine. If you use the Shell installer, Docker is automatically installed. Therefore, we highly recommend using Linux and not Windows to be able to use the Shell Installer which installs all dependencies.