Configuring apps to work with DR

The Disaster Recovery system works with apps that run on an integration server or App Host.

Configuring apps running on an App Host

The Disaster Recovery system supports a SOAR appliance that is paired to one or more App Hosts.

About this task

When the SOAR appliance is configured to run apps with an App Host, the apps are installed on the SOAR Platform but run on a remote App Host. The App Manager Service, which runs on the SOAR Platform, interfaces with the App Host and drives the various management operations such as configure, deploy, and restarts. The Disaster Recovery feature supports replicating the App Manager Service and app configurations.

You do not need to perform this configuration if both statements are true.
  • The receiver has the same name in DNS as the master.
  • The client is configured to use an FQDN, and the DNS record is updated.

Complete the following steps to configure your apps when you run the DR playbooks to promote the receiver or to swap the master and receiver.

Procedure

  1. Run the DR Ansible® playbook to promote the receiver or to swap the master and receiver, as described in Running Disaster Recovery actions.
  2. Renew the pairing for each App Host as follows.
    • If you have the pairing information (such as in a file), change the manager_url property in the JSON to specify the correct hostname or IP. Then, at the App Host server, run manageAppHost install with the updated JSON. See Create the App Hosts in the App Host Deployment Guide for the procedure.
    • If you do not have the pairing information, you need to renew the pairing as described in Create an App Host pairing in the App Host Deployment Guide. Make sure the manager_url property in the JSON correctly specifies the hostname or IP.
  3. Update the app.config file for each app to specify the IP address or FQDN of the newly active SOAR appliance as follows.
    1. In the Apps tab of the SOAR appliance, select the app then click its Configuration tab, as described in Configuring an app in the System Administrator Guide.
    2. Open the app.config file.
    3. Check that the host parameter is correct, as shown in the following example.
      host=<soar.localdomain>
    4. Save the changes to the app.config file.
    5. Repeat this step for each app.
  4. If the hostname changed (not typically done), you need to do the following steps for each app so that the names match the receiver and renew the pairing.
    1. Update the cafile and host values in the app.config file.
    2. Upload the cert file in the Configuration page in the SOAR platform Apps tab.
    3. Renew the pairing and rerun manageAppHost install.

What to do next

Proceed to Running Disaster Recovery actions.

Configuring apps running on an integration server

The Disaster Recovery system works with apps that run on an integration server, which is a remote system separate from the receiver and master systems. To configure your apps to work when you run the Disaster Recovery playbooks, you must update the app.config file on the integration server to point to the active SOAR instance.

About this task

You do not need to complete this configuration if you have configured the client to use an FQDN for which the DNS record has been updated. You only need to complete the following configuration if the address (IP address or host name) used by the apps needs to be updated.

Complete the following steps to configure your apps when running the DR playbooks to promote the receiver or to swap the master and receiver.

For information about the integration server, see the Integration Server Guide.

Procedure

  1. Before running the Disaster Recovery playbooks, stop Resilient® Circuits on the remote integration server. If the integration server is on a Linux® system, the command is:
    sudo systemctl stop resilient_circuits
    If the integration server is on a Windows system, the command is:
    resilient-circuits.exe service stop
  2. Run the DR Ansible playbook to promote the receiver or to swap the master and receiver, as described in Running Disaster Recovery actions.
  3. Update the app.config file on the integration server to specify the IP address or FQDN of the newly active SOAR appliance.
  4. If you want the SOAR server certificate to be verified, complete the following steps:
    1. Open the app.config file.
    2. Check that the host parameter is correct, for example:
      host=<resilient.localdomain>
    3. Comment out the following line:
      cafile=false
    4. Add the following line:
      cafile=~/.resilient/cert.cer
    5. Save the changes to the app.config file.
    6. Copy the cert from the appliance by running a command similar to the following:
      openssl s_client -connect <IP_Address> -showcerts < /dev/null 2> /dev/null | openssl x509 -outform PEM > ~/.resilient/cert.cer

    Refer to the Integration Server Guide for more information about managing the SSL certs.

  5. Restart resilient-circuits on the remote host.
    Note: If you did not make copies of the example integration configuration on your appliance (such as example rules or workflows) but instead modified the examples to work with your setup, running resilient-circuits customize again and agreeing to push the setup to the appliance overwrites your changes with the default integration values.
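
The following check is an added example, not part of the product or its documentation. It audits an app.config after a promote or swap for the two settings that the procedures above change: a host value that still points at the previous appliance, and cafile=false, which leaves the SOAR server certificate unverified. The function name, the sample host names, and the [resilient] section name are assumptions.

```python
import configparser
import os

# Constructed samples: an app.config as left before failover, and after the steps above.
STALE = "[resilient]\nhost=soar-master.example.com\ncafile=false\n"
FIXED = ("[resilient]\nhost=soar-receiver.example.com\n"
         "#cafile=false\ncafile=~/.resilient/cert.cer\n")


def audit_app_config(text, active_host, file_exists=os.path.isfile):
    """Return findings for one app.config; an empty list means it passed."""
    # strict=False tolerates duplicate keys; interpolation=None keeps '%' in
    # passwords from being treated as configparser interpolation.
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.read_string(text)
    if not parser.has_section("resilient"):  # assumed section name
        return ["no [resilient] section found"]
    section = parser["resilient"]
    findings = []

    # The host must name the newly active appliance (IP address or FQDN).
    host = section.get("host", "").strip()
    if host.lower() != active_host.lower():
        findings.append(f"host={host} is not the active appliance {active_host}")

    # cafile=false disables verification; a path must point at a real file.
    cafile = section.get("cafile", "").strip()
    if cafile.lower() == "false":
        findings.append("cafile=false: server certificate is not verified")
    elif cafile and not file_exists(os.path.expanduser(cafile)):
        findings.append(f"cafile={cafile} does not exist on this server")
    return findings


if __name__ == "__main__":
    for name, text in (("stale", STALE), ("fixed", FIXED)):
        result = audit_app_config(text, "soar-receiver.example.com")
        print(name, result or "OK")
```

Run it against each app.config before restarting resilient-circuits; the file_exists parameter exists only so that the check can be exercised without the certificate file present.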

What to do next

Proceed to Running Disaster Recovery actions.