FAQs for Cortex XSOAR 8 On-Prem
What is the timeline for the Cortex XSOAR 8 On-prem GA release?
Cortex XSOAR On-prem is now GA. The first release does not support:
Migration
Migration from Cortex XSOAR 6 On-prem to Cortex XSOAR 8 On-prem is planned for Q4 2024.
MT/MSSP
Air-gapped environments
What are the required specifications for Cortex XSOAR 8 On-prem?
Cortex XSOAR 8 On-prem is delivered as a virtual appliance on a K8s cluster, which is available in VHD and OVA formats (MS hyper-V and VMWare hypervisors). We are planning additional formats to be released during 2024 and beyond.
The Cortex XSOAR tenant has specific minimum VM hardware requirements depending on the scale.
Component | Small scale (standalone - one VM) | Small scale (three VMs) | Medium scale (standalone and three VMs) | Large scale (standalone and three VMs) |
|---|---|---|---|---|
CPU | 16 CPU cores | 8 CPU cores | 32 CPU cores | 48 CPU cores |
Memory | 64 GB RAM | 32 GB RAM | 128 GB RAM | 192 GB RAM |
Storage | 256 GB hard disk plus an additional separate 1 TB* SSD for each instance of a virtual machine you want to deploy (for data) | 256 GB hard disk plus an additional separate 512 GB SSD for each instance of a virtual machine you want to deploy (for data) | 256 GB hard disk plus an additional separate 1.5 TB* SSD for each instance of a virtual machine you want to deploy (for data) | 256 GB hard disk plus an additional separate 2 TB* SSD for each instance of a virtual machine you want to deploy (for data) |
*1 TB = 1024 GB
Can Cortex XSOAR 6 hardware/database be reused for Cortex XSOAR 8?
Cortex XSOAR 8 On-prem does not share the same architecture and data structure as Cortex XSOAR 6. Moving between the versions requires migration and not an upgrade. For the migration process, which will be available later in 2024, XSOAR 6 and XSOAR 8 will need to be up and running simultaneously, which will require more hardware resources. In addition, Cortex XSOAR 8 will be delivered as a virtual appliance and cannot be connected to external DBs.
What is the added value of using a 3-nodes cluster?
Using a 3-node cluster replicates the data between nodes. The Cortex XSOAR high availability solution which will be available soon, will require at least 3 nodes.
You will need to choose between a standalone and cluster, but will not be able to change between deployments. This is not yet available and will come later (no ETA).
What is the purpose of the outbound On-prem Gateway connection to onpremgw.crtx.[region].paloaltonetworks.com?
This connection is used for the following:
Marketplace
Telemetry
Upgrade content packs
Do engines connect directly to the Cortex XSOAR On-prem nodes, or do they connect via the cloud?
The connection between engines to Cortex XSOAR On-prem is done directly and not through the cloud.
Do the dev and prod environments need to match, such as standalone and cluster, and node counts and sizes?
No. Each one is being managed as a separate tenant and they do not need to match.
Do users need any basic knowledge of Kubernetes?
No. As part of the virtual appliance, users will not have access to the k8s level.
Does scaling up or upgrading require downtime?
Yes, both actions involve downtime of Cortex XSOAR (both standalone and cluster).
Can the nodes in the cluster be deployed in different data centers for resiliency?
No. This is not supported.