DR Scenario: Testing the DR Environment - Administrator Guide - 6.8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.8
Creation date
2022-09-28
Last date published
2024-03-21
End_of_Life
EoL
Category
Administrator Guide
Abstract

Test the disaster recovery environment (live backup) in Cortex XSOAR. Make the backup server the production server.

Before you make the backup server the new production server, ensure the original production server is down (not live). If you make the backup server the new production server while the original production server is still live, you can experience significant issues.

After completing your test of the failover scenario (backup environment), you need to revert the server to its original state, which you can do through the UI or by modifying the configuration file.

Note

(Multi-tenant) - When using Live Backup in a multi-tenant deployment, each host machine has a backup server. When testing the disaster recovery environment, follow these steps to test each host machine separately, including the main account machine.

  1. If you want to use Cortex XSOAR to backup the server, do the following:

    1. On the live production server, select SettingsAdvancedBackupsSwitch Hosts.

      (Multi-tenant) - For a multi-tenant deployment, go to SettingsAccount ManagementHosts. If you want to switch for the main host instead, go to SettingsAccount ManagementMain Hosts. Select the desired host, click the Live Backup button, and then Switch Hosts.

    2. When prompted, complete the online Switch Hosts instructions.

      Ensure that the production server is not live.

      (Multi-tenant) - Ensure that the production server for this machine is not live.

    3. Go to the backup server and follow the on-screen instructions to make the backup server the production server.

    4. In the backup server environment, go to SettingsAboutTroubleshooting.

    5. For the External Host Name key, update the value to the host name of the backup server (the new production server).

      The backup server is unaware of its external host name.

      After a successful switch, the backup server is now live.

  2. If you want to use a configuration file to test the DR environment, do the following:

    1. On the production server, stop the server:

      sudo service demisto stop

    2. Open the /etc/demisto.conf file on the production server. If the Server.dr.enabled property is in the file, change it to true. If it is not in the file, add Server.dr.enabled and set it to true.

    3. Start the server and verify it is in disaster recovery mode. You should see This is currently the backup server.

    4. On the backup server, stop the server:

      sudo service demisto stop

    5. Open the /etc/demisto.conf file on the backup server. If the Server.dr.enabled property is in the file, change it to false. If it is not in the file, add Server.dr.enabled and set it to false.

    6. Start the backup server.

      The original production server is now the backup server and the original backup server is now the production server. Access the new production server using its IP address to check that the server is up and running.

  3. To revert to the original settings, repeat the steps above.

    When following the instructions, remember the backup server is now the production server and the production server is now the backup server.