High Availability Prerequisites and Restrictions

Applies to Product: USM Appliance™ AlienVault OSSIM®

Before you start, review the prerequisites and restrictions in setting up a high availability (HA) USM Appliance system.

General Prerequisites and Restrictions

Make sure that you review all of the following AlienVault USM Appliance HA requirements and restrictions carefully before starting your deployment:

  • Because this HA feature does not work across dispersed locations (due to their different IP addressing), both the primary and secondary systems must be on the same subnet.
  • To avoid any network failures that could affect USM Appliance high availability, nodes must be connected through a dedicated network cable, without any networking equipment.
  • Use isolated interfaces (for example, eth1) at each node.
  • Make sure that the primary and secondary nodes are running the same image of AlienVault USM Appliance. For example, if the primary node is updated to USM Appliance version 5.3 from a previous version but the secondary node is a fresh install of USM Applianceversion 5.3, HA will not work properly.

  • When setting up HA in USM Appliance Enterprise systems, the root user password must not contain the following characters: ? * [ ] { } ! \ ^ $ " / ' ` < > |

NTP Server Requirements

  • Both the primary and secondary nodes require their own dedicated NTP Server. These NTP Servers should be configured identically.
  • Both NTP Servers must be up and running, and synchronized with each other.

Configuration Prerequisites — USM Appliance Standard and Enterprise Solutions

These prerequisites and restrictions apply both to the USM Appliance Standard and Enterprise deployments.

  • The primary and secondary nodes of a USM Appliance component in an HA deployment cannot share the same hostname.
  • You cannot change the IP or hostname of any component in a high availability system once configured.
  • You must register both nodes of each component.
  • Both the primary and secondary instances must have the same time zone setting.
  • Make sure that you configure each node to communicate with the NTP Server for its instance.

Configuration Prerequisites — USM Appliance Enterprise Solution Only

You must configure both nodes for the USM Appliance Enterprise Server and the USM Appliance Enterprise Database with the same root password.

General Maintenance Prerequisites

  • Make sure that you always keep the secondary HA instance at parity with the primary USM Appliance instance.
  • When upgrading USM Appliance to a new version, HA must be disabled. Otherwise, you lose the HA configuration. You can re-enable HA when the upgrade has finished.

Important: Any network latency or network disconnection issues that can lead to replication failure must be fixed promptly.