End-of-Life (EoL)

Install Additional App Servers

Install additional app servers for a Cortex XSOAR high availability configuration.
To implement a full high availability configuration, you should install a load balancer, configure a shared directory, and install additional app servers.

Install a Load Balancer

Cortex XSOAR recommends using a load balancer or round-robin DNS server to ensure proper high availability and to avoid having a single point of failure for certain components, such as engines, communication tasks, and usage of the API.
When connecting through the load balancer, you can validate the app server you are connected to by adding the
/remoteServer/appID
to the URL
https://<load balancer url>/remoteServer/app
.
  1. In Cortex XSOAR, navigate to
    Settings
    About
    Troubleshooting
    .
  2. In the Server Configuration section, enter the external host name in the External Host Name configuration key. This is the Cortex XSOAR address registered in the load balancer or DNS.
  3. Update engines to connect through the load balancer.

Configure a Shared Directory

Configure a shared directory, using the network file sharing solution of your choice, on each Cortex XSOAR app server. Migrate the
/var/lib/demisto
directory to the shared file system before installing additional application servers.
If you are using a location that is different from the default
/var/lib/demisto
, you must install the additional app servers using the
-data-dir
flag.
  1. Stop the service on the first Cortex XSOAR application server.
  2. Migrate the
    /var/lib/demisto
    directory, without the
    /var/lib/demisto/temp
    subdirectory, to the shared file system.
    1. Copy the
      demisto.lic
      file from
      /usr/local/demisto
      to the shared directory.
      cp /usr/local/demisto/demisto.lic /<share>/var/lib/demisto
  3. Modify
    /etc/demisto.conf
    to reference the shared file system, using the example below.
    1. The
      folders.lib
      key must point to the location of the shared file system.
    2. The
      folders.temp
      key must be local to the individual app server and not shared. To change the location of the temp directory, edit the
      folders.temp
      key in the
      demisto.conf
      file.
      (
      Multi-tenant
      ) - For a multi-tenant deployment, the
      folders.temp
      conf key must be updated per tenant on each host. The tenant conf file can be found at
      /usr/local/demisto/tenants/acc_{
      tenant_name
      }/server.conf
    3. Add or modify the license key at the end of
      /etc/demisto.conf
      .
      "folders": { "lib": "/<share>/var/lib/demisto", "temp": "/var/lib/demisto/temp" }, "license": { "file": { "path": "/<shared>/var/lib/demisto" } },
  4. Start the service on the first Cortex XSOAR app server.
  5. Verify that you see the shared folder
    /<share>/var/lib/demisto
    ls -lh /<share>/var/lib/demisto

Install Additional App Servers

  1. Install additional Cortex XSOAR app servers using the following command:
    sudo ./demistoserver-X.sh -- -ha -elasticsearch-url=<url>-elasticsearch-username=<elasticUsername> -elasticsearch-password=<elasticUserPassword> -cluster-address=<internal-app-server-address> -do-not-start-server
    (
    Multi-tenant
    ) - To install additional app servers in a multi-tenant deployment, add the -multi-tenant flag to the command.
    Parameter
    Description
    demistoserver-X
    The name of the Cortex XSOAR installer, where X is the version and build number.
    elasticsearch-url
    URL for the Elasticsearch DB (including prefix http/https and port).
    elasticsearch-username
    Username in Elasticsearch.
    elasticsearch-password
    Password for the Elasticsearch database user.
    cluster-address
    The app server’s internal address to be used for in cluster communication. Other app servers use this address to communicate with this specific Cortex XSOAR instance.
    temp-folder="filepath/tmp"
    In the shared file system for a high availability environment, the temp directory must be local and not shared.
    ha
    Verifies user has set up data-dir correctly as a shared folder for high availability, before installing Cortex XSOAR. Confirms demisto user and group exist, demisto user is in the demisto group, data-dir (default path: /var/lib/demisto) exists, and data-dir is owned by user demisto and group demisto.
    data-dir
    (Optional) The directory that is shared by all app servers in the cluster. Default: /var/lib/demisto.
    y
    (Optional) The flag that completes the installation silently by answering yes to the remaining installation questions. Default settings are applied where applicable, and the EULA is automatically accepted.
  2. Validate that the shared file system is seen as being owned by the
    demisto:demisto user
    ls -lh /<share>/var/lib/demisto
  3. Modify the
    /etc/demisto.conf
    file with the additions made to the first app server:
    1. Configure the
      externalEntities
      key, if it does not already exist.
    2. Configure the
      lib
      folder for the shared directory.
    3. Add the temp folder path outside of the mounted remote file system for better performance.
    4. Update the license path.
    5. Add the elastic index configuration matching the first server (if applicable).
  4. Start the server.
    sudo service demisto start

Recommended For You