Configuring High Availability in USM Appliance Enterprise Systems

Applies to Product: USM Appliance™ AlienVault OSSIM®

Unlike the USM Appliance Standard Server topology, the USM Appliance Enterprise Server consists of two separate devices, an Enterprise Server and an Enterprise Database. Configuration consists of configuring the Enterprise Servers to communicate with their Enterprise Databases, and for one Enterprise Server to fail over to another.

Enterprise Server and database in an HA topology.

USM Appliance Enterprise Server and Database in an HA topology

Prerequisites

  • You must have already deployed and configured each appliance, as described in Configure the USM Appliance Hardware.
  • You must have configured the following:

    • The same root password in both the Enterprise Server and Enterprise Database.

      Important: When setting up HA in USM Appliance Enterprise systems, the root user password must not contain the following characters: ? * [ ] { } ! \ ^ $ " / ' ` < > |

    • A hostname for each failover node pair that makes it obvious which is the master and which the slave.
    • Communication and synchronization with the respective NTP servers for each failover node.

Configuring HA in the Secondary Enterprise Server and Database

To configure HA in the secondary USM Appliance Enterprise Server and Database

  1. Log into the secondary Enterprise Server, jailbreak the console, and set HA values, as described in Configuring High Availability for USM Appliance Standard Servers.

  2. Configure the secondary Enterprise Database:

    1. Log into the Enterprise Database node intended for the secondary Enterprise Server node and jailbreak the console.

    2. At the command line prompt, configure HA by editing the file /etc/ossim/ossim_setup.conf, as indicated in the angle-bracketed variables:

      ha_heartbeat_start=yes

      ha_local_node_ip=<slave_database_admin_IP>

      ha_other_node_ip=<master_database_admin_IP>

      ha_role=slave

    3. Save the changes.
  1. Log back into the secondary Enterprise Server node and jailbreak the console.

  2. At the command line prompt, enter:

    screen alienvault-ha-assistant -e

    Note: Use screen to keep the process running in the background even when the session disconnects.

  1. Check that the secondary node is up and running by executing:

    alienvault-ha-assistant -s

    The system prompts you for the primary (master) root user password.

  1. Enter the password, then wait approximately five minutes until a screen appears, showing a value of Heartbeat status=Running.

Configuring HA in the Primary Enterprise Server and Database

To configure HA in the primary Enterprise Server and Database

  1. Follow the steps in Configuring HA in the Secondary Enterprise Server and Database, but in /etc/ossim/ossim_setup.conf, make the changes shown in the angle-bracketed variables below:

    ha_heartbeat_start=yes

    ha_local_node_ip=<master_database_admin_IP>

    ha_other_node_ip=<slave_database_admin_IP>

    ha_role=master

  2. Save the changes.

  3. Log into the primary, or master, Enterprise Server, jailbreak the console, and, at the command line prompt, enter:

    screen alienvault-ha-assistant -e

    Note: Use screen to keep the process running in the background even when the session disconnects.

Adding an Enterprise Database to an Enterprise Server

You must add

  • The primary Enterprise Database to the secondary Enterprise Server node.
  • The secondary Enterprise Database to the primary Enterprise Server node.

To add the Enterprise Database to an Enterprise Server

  1. Log into the secondary Enterprise Server.
  2. Select Jailbreak System,press Enter (<OK>), and Enter (<Yes>) again.

  3. Add the primary Enterprise Database to the secondary Enterprise Server node, using the command:

    alienvault-api add_system --system-ip=<master_database_admin_ip>
    --password=<root_password_to_master_database>

  1. Log into the primary Enterprise Server node as previously described, and add the secondary Enterprise Database:

    alienvault-api add_system --system-ip=<slave_database_admin_ip>
    --password=<root_password_to_slave_database>

Verifying the Configuration

To check the configuration

1. Using the virtual IP address referenced in ossim-setup.conf, launch the USM Appliance web interface in a browser.

2. Go to Configuration > Deployment > Components > AlienVault Center.

Both databases should be visible, including the one functioning as a secondary, or slave, database.

Primary and secondary HA databases displayed in the AlienVault Components Information page