Install Additional App Servers - Administrator Guide - 6.9 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.9
Creation date
2022-09-29
Last date published
2024-04-15
End_of_Life
EoL
Category
Administrator Guide
Abstract

Install additional app servers for a Cortex XSOAR high availability configuration.

To implement a full high availability configuration, you should install a load balancer, configure a shared directory, and install additional app servers.

Install a Load Balancer

Cortex XSOAR recommends using a load balancer or round-robin DNS server to ensure proper high availability and to avoid having a single point of failure for certain components, such as engines, communication tasks, and usage of the API.

Note

When connecting through the load balancer, you can validate the app server you are connected to by adding the /remoteServer/appID to the URL https://<load balancer url>/remoteServer/app.

  1. In Cortex XSOAR, navigate to SettingsAboutTroubleshooting.

  2. In the Server Configuration section, enter the external host name in the External Host Name configuration key. This is the Cortex XSOAR address registered in the load balancer or DNS.

  3. Update engines to connect through the load balancer.

Configure a Shared Directory

Configure a shared directory, using the network file sharing solution of your choice, on each Cortex XSOAR app server. Migrate the /var/lib/demisto directory to the shared file system before installing additional application servers.

Note

If you are using a location that is different from the default /var/lib/demisto, you must install the additional app servers using the -data-dir flag.

  1. Stop the service on the first Cortex XSOAR application server.

  2. Migrate the /var/lib/demisto directory, without the /var/lib/demisto/temp subdirectory, to the shared file system.

    1. Move data folders.

    2. Copy the demisto.lic file from /usr/local/demisto to the shared directory.

      cp /usr/local/demisto/demisto.lic /<share>/var/lib/demisto

  3. Modify /etc/demisto.conf to reference the shared file system, using the example below.

    1. The folders.lib key must point to the location of the shared file system.

    2. The folders.temp key must be local to the individual app server and not shared. To change the location of the temp directory, edit the folders.temp key in the demisto.conf file.

      ( Multi-tenant) - For a multi-tenant deployment, the folders.temp conf key must be updated per tenant on each host. The tenant conf file can be found at /usr/local/demisto/tenants/acc_{ tenant_name}/server.conf

    3. Add or modify the license key at the end of /etc/demisto.conf.

        "folders": {
                     "lib": "/<share>/var/lib/demisto",
                     "temp": "/var/lib/demisto/temp"
             },
             "license": {
                     "file": {
                             "path": "/<shared>/var/lib/demisto"
                     }
             },
      	
      	
      	
      
  4. Start the service on the first Cortex XSOAR app server.

  5. Verify that you see the shared folder /<share>/var/lib/demisto

    ls -lh /<share>/var/lib/demisto