Switching deployment control from the main site console to the destination site console
When you activate the destination site, Ariel data synchronization and all Ariel copy profiles are disabled on the main site but services are not suppressed.
Before you begin
Complete the Prerequisite tasks described in QRadar Hybrid Setup by using Data Synchronization app.
Before you initiate Failover operation, open the Disaster recovery dashboard and verify the system readiness status by reviewing all required health checks. Resolve any failed checks before proceeding with the Failover operation
After a backup is generated on main site, the system transfers that backup to destination site. Open the Backup and Recovery screen to check whether the transferred backup is visible. If the transferred backup is not visible, refresh the Backup and Recovery screen.For the following scenarios, you can switch deployment control from the main site console to the destination site console.
- The Hybrid setup of Data Synchronization app support failover and failback for the following scenarios.
- An actual disaster recovery where the console is not available but the other deployment hosts are still running.
- A disaster recovery exercise where the main site is still available during the disaster recovery process.
- During failover, the unpaired managed hosts is sent back from the main site to the destination site.
- If any managed host is down during failover operation due to any reason, it might cause the destination site to show unexpected behavior at activation. To resolve this issue, contact IBM Support. This issue will be resolved in a future release of the Data Synchronization app.
- Backups from both the main and destination sites should be backed up in an alternate location. If they are deleted due to a retention policy or any other reason, the alternate location should serve as a source for restoring the backups.
- Applications volume backups of both sites should be stored in an alternate location. During failover, if the main site is unavailable and applications are installed on the main site App-Host, the volume backup is used to get back the state of Data Synchronization app on main site after failover.
Applications installed on the console is only supported during failover and failback operations.
Failover cannot be performed when applications are installed on the App Host and the main site is available.
If the main site is unavailable and applications are installed on the App Host at the main site, failover is supported. However, manual stabilization steps may be required after failover, as described in the documentation.
Before failover, any changes made to Business Rules (host group mapping) since the Pairing Configuration was performed may affect the failover operation.
High Availability (HA) must be removed from the destination site console or any paired MH before failover.
Applications restoration need to be performed manually in Hybrid Setup. To perform app restoration, the following steps must be followed during failover and failback.
Apps volume backup are being transferred automatically as per daily schedule. However it is advised to take latest volume backup.
- To take an app volume backup from the main site console:
- Apps that run on the console
- See Backing up and restoring app data to back up an app volume data from the main site console.
- Transfer the app volume backup from the destination site console to the main site console by
running the following command on the destination site
console.
systemctl start app_sync - Verify the transfer on the destination site console directory (/store/app_sync/backups). If the transfer is unsuccessful or with issues, copy the app volume backup from the main site console (/store/apps/backup) directory to the destination site console (/store/app_sync/backups) directory.
- Apps that run on AppHost
- Move all installed apps to the main site console.
- See Backing up and restoring app data to back up an app volume data from the main site console.
- Transfer the app volume backup from the main site console to the main site console by running
the following command on the main site console.
systemctl start app_sync - Verify the transfer on the destination site console directory (/store/app_sync/backups). If the transfer is unsuccessful or with issues, copy the app volume backup from the main site console (/store/apps/backup) directory to the destination site console (/store/app_sync/backups) directory.
- Apps that run on the console
- To take an app volume backup from the destination site console (Apps that run on the console):
- See Backing up and restoring app data to back up app volume data from the destination site console.
- Transfer app volume backup data from the destination site console (/store/app_sync/backups) to the main site console (/store/app_sync/backups) directory.
Procedure
What to do next
- After failover, if any paired managed host is in an unknown state, go to .
- After the failover process is completed, if the pairing connection between both sites' hosts is removed, the hosts must first be unpaired the hosts and then paired again. To unpair the host, see Unpairing hosts. To pair the host see Pairing managed hosts..
- To restore the main site apps on the destination console, take the following steps:
- If a user at the destination site needs to access an application that was available on the main site but is not accessible from the destination site, it should be reinstalled by using Destination Console site -> IBM QRadar Hub (formerly known as IBM QRadar Assistant) -> Applications-> Installed Extensions section.
- Back up volume data of the existing apps on the destination site console before you proceed to
restoration operations.
- Ensure that the correct apps volume backup is available on the destination site console. To restore transferred apps volume backups, copy the app volume backup data from /store/app_sync/backups to /store/apps/backup.
- Restore only the necessary apps and the apps of smaller sizes. To restore more apps on the
destination site or to keep the apps on the DR site for a longer time:
- Migrate the apps from the destination site console to AppHost.
- Proceed to the restoration procedure.
- See Backing up and restoring app data to restore app volume data. The standard practice is to use UUID while restoring apps volume backup.
- Do not restore the Data Synchronization app volume on the destination site console. Data Synchronization app is necessary to maintain its own state and to run failback operation as to activate the main site.
- If any apps are found in an Error state after restoration is complete or after the failover or
failback operation, restart the apps by using the
qappmanagerutility (/opt/qradar/support/qappmanager).
- In Hybrid setup, during failover and failback, only the license key information is restored. The managed host retains the corresponding nonConsoleEventLimit or flowLimit parameters that are defined within the license key. You need to manually reconfigure license pool allocations by using Console Admin -> System and License Management -> Change Display Drop down: Licenses -> License Pool Management.