1. Home
    2. Security Operations
    3. Cortex XSOAR
    4. Cortex XSOAR Administrator’s Guide
    5. High Availability
    6. Install Additional App Servers
    End-of-Life (EoL)

    Install Additional App Servers

    Install additional app servers for a Cortex XSOAR high availability configuration.
    To implement a full high availability configuration, you should install a load balancer, configure a shared directory, and install additional app servers.

    Install a Load Balancer

    Cortex XSOAR recommends using a load balancer or round-robin DNS server to ensure proper high availability and to avoid having a single point of failure for certain components, such as engines, communication tasks, and usage of the API.
    When connecting through the load balancer, you can validate the app server you are connected to by adding the
    /remoteServer/appID
     to the URL
    https://<load balancer url>/remoteServer/app
    .
    1. In Cortex XSOAR, navigate to
      Settings
      About
      Troubleshooting
      .
    2. In the Server Configuration section, enter the external host name in the External Host Name configuration key. This is the Cortex XSOAR address registered in the load balancer or DNS.
    3. Update engines to connect through the load balancer.

    Configure a Shared Directory

    Configure a shared directory, using the network file sharing solution of your choice, on each Cortex XSOAR app server. Migrate the
    /var/lib/demisto
     directory to the shared file system before installing additional application servers.
    If you are using a location that is different from the default
    /var/lib/demisto
    , you must install the additional app servers using the
    -data-dir
     flag.
    1. Stop the service on the first Cortex XSOAR application server.
    2. Migrate the
      /var/lib/demisto
       directory, without the
      /var/lib/demisto/temp
       subdirectory, to the shared file system.
      2. Copy the
        demisto.lic
         file from
        /usr/local/demisto
         to the shared directory.
        cp /usr/local/demisto/demisto.lic /<share>/var/lib/demisto
    3. Modify
      /etc/demisto.conf
       to reference the shared file system, using the example below.
      1. The
        folders.lib
         key must point to the location of the shared file system.
      2. The
        folders.temp
         key must be local to the individual app server and not shared. To change the location of the temp directory, edit the
        folders.temp
         key in the
        demisto.conf
        file.
        (
        Multi-tenant
        ) - For a multi-tenant deployment, the
        folders.temp
         conf key must be updated per tenant on each host. The tenant conf file can be found at
        /usr/local/demisto/tenants/acc_{
        tenant_name
        }/server.conf
      3. Add or modify the license key at the end of
        /etc/demisto.conf
        . 
        
  "folders": {
               "lib": "/<share>/var/lib/demisto",
               "temp": "/var/lib/demisto/temp"
       },
       "license": {
               "file": {
                       "path": "/<shared>/var/lib/demisto"
               }
       },
    4. Start the service on the first Cortex XSOAR app server.
    5. Verify that you see the shared folder
      /<share>/var/lib/demisto
      ls -lh /<share>/var/lib/demisto

    Install Additional App Servers

    1. Install additional Cortex XSOAR app servers using the following command:
      sudo ./demistoserver-X.sh -- -ha -elasticsearch-url=<url>-elasticsearch-username=<elasticUsername> -elasticsearch-password=<elasticUserPassword> -cluster-address=<internal-app-server-address> -do-not-start-server
      (
      Multi-tenant
      ) - To install additional app servers in a multi-tenant deployment, add the -multi-tenant flag to the command.
      Parameter
      Description
      demistoserver-X
      The name of the Cortex XSOAR installer, where X is the version and build number.
      elasticsearch-url
      URL for the Elasticsearch DB (including prefix http/https and port).
      elasticsearch-username
      Username in Elasticsearch.
      elasticsearch-password
      Password for the Elasticsearch database user.
      cluster-address
      The app server’s internal address to be used for in cluster communication. Other app servers use this address to communicate with this specific Cortex XSOAR instance.
      temp-folder="filepath/tmp"
      In the shared file system for a high availability environment, the temp directory must be local and not shared.
      ha
      Verifies user has set up data-dir correctly as a shared folder for high availability, before installing Cortex XSOAR. Confirms demisto user and group exist, demisto user is in the demisto group, data-dir (default path: /var/lib/demisto) exists, and data-dir is owned by user demisto and group demisto.
      data-dir
      (Optional) The directory that is shared by all app servers in the cluster. Default: /var/lib/demisto.
      y
      (Optional) The flag that completes the installation silently by answering yes to the remaining installation questions. Default settings are applied where applicable, and the EULA is automatically accepted.
    2. Validate that the shared file system is seen as being owned by the
      demisto:demisto user
      ls -lh /<share>/var/lib/demisto
    3. Modify the
      /etc/demisto.conf
      file with the additions made to the first app server:
      1. Configure the
        externalEntities
         key, if it does not already exist.
      2. Configure the
        lib
         folder for the shared directory.
      3. Add the temp folder path outside of the mounted remote file system for better performance.
      4. Update the license path.
      5. Add the elastic index configuration matching the first server (if applicable).
    4. Start the server.
      sudo service demisto start

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo