QRadar Hybrid Setup by using Data Synchronization app
In large, distributed deployments, collectors, processors, and consoles are geographically distributed. If one data centre becomes unavailable, the remaining data centers can continue to operate, and a full environment failover is not required.
In Hybrid setup, only selected main site hosts are paired with destination site hosts, while the remaining main site hosts stay unpaired. During failover, the paired hosts fail over to their corresponding destination site hosts, and the unpaired hosts are automatically sent to the destination site. This approach allows failover to be performed only for the required hosts instead of the entire environment.
- An actual disaster recovery where the console is not available but the other deployment hosts are still running.
- A disaster recovery exercise where the main site is still available during the disaster recovery process.
Prerequisite
- Ensure that both IBM® QRadar consoles (main and destination console) are installed with the same software version, which is UP14 or later. Data Synchronization App version must be 3.3.0 or later.
- You must have network access between managed host to main and the DR site before the failover or failback operation. If any managed host is not reachable to DR sites, it is shown as an unknown host.
- Ensure that you logged in using the 'admin' username to perform failover and failback operations.
- Ensure that backups generated on the main site are transferred to the destination site before initiating a failover, and that backups generated on the destination site are transferred back to the main site before initiating a failback.
- Only root user can run the SSH activities for the failover and failback operations.
- If you want to restore app volume data on the destination site manually after failover, you must
generate an app volume backup before failover and failback operation.
- Ensure that the app volume backup timer and jobs are turned on (
systemctl status app_sync.timerandsystemctl status app_sync.service) for auto transfer to work as required. This feature is only available to the main site console. - When apps are installed on the console, your app volume backup gets an auto transfer to the destination site.
- When apps are installed on the AppHost, move all installed apps to the main site console before you run the failover and failback operations.
- The following procedure is an example of generating an app volume backup.
- See Backing up and restoring app data to back up an app volume data.
- Transfer the app volume backup from the main site console to the destination site console by
running the following command on the main site
console.
systemctl start app_sync - Verify the transfer on the destination site console directory (/store/app_sync/backups). If the transfer is unsuccessful or with issues, copy the app volume backup from the main site console (/store/apps/backup) directory to the destination site console (/store/app_sync/backups) directory.
- Ensure that the app volume backup timer and jobs are turned on (
- If HA configuration exists in the environment, remove HA configuration from destination site before failover and remove HA configuration from main site before failback operation.
Procedure
To enable Disaster Recovery (DR) for Hybrid (Partial Pairing) setup, configure the required main site hosts and pair them with corresponding hosts at the remote destination site. In hybrid deployments, only selected hosts are paired for DR, while other main site hosts remain unpaired.
For deployments where partial DR resiliency is required, switch deployment control from the main site to the destination site during a failover. During this process, paired hosts fail over to their corresponding destination site hosts, and unpaired main site hosts are sent to the destination site as needed.
You can use the Data Synchronization app to resolve issues in deployments that span multiple sites. The original site serves as the main site, and the disaster recovery site serves as the destination site. You can switch the deployment control back to the main site from the destination site and reactivate the main site
To implement the Hybrid setup, use the following procedure.