Up
Previous Next

Sheriff CSMâ„¢

Configuring High Availability in Sheriff CSM Enterprise Systems

Unlike the Sheriff CSM Standard Server topology, the Sheriff CSM Enterprise Server consists of two separate devices, an Enterprise Server and an Enterprise Database. Configuration consists of configuring the Enterprise Servers to communicate with their Enterprise Databases, and for one Enterprise Server to fail over to another.

Enterprise Server and database in an HA topology.

Sheriff CSM Enterprise Server and Database in an HA topology

Prerequisites

  • You must have already deployed and configured each appliance, as described in Configure the Sheriff CSM Hardware.

  • You must have configured the following:

    • The same root password in both the Enterprise Server and Enterprise Database.

      Important: When setting up HA in Sheriff CSM Enterprise systems, the root user password must not contain the following characters: ? * [ ] { } ! \ ^ $ " / ' ` < > |

    • A hostname for each failover node pair that makes it obvious which is the master and which the slave.
    • Communication and synchronization with the respective NTP servers for each failover node.

Configuring HA in the Secondary Enterprise Server and Database

To configure HA in the secondary Sheriff CSM Enterprise Server and Database
  1. Log into the secondary Enterprise Server, jailbreak the console, and set HA values, as described in Configuring High Availability for Sheriff CSM Standard Servers.

  2. Configure the secondary Enterprise Database:

    1. Log into the Enterprise Database node intended for the secondary Enterprise Server node and jailbreak the console.
    2. At the command line prompt, configure HA by editing the file /etc/vigilante/vigilante_setup.conf, as indicated in the angle-bracketed variables:

      ha_heartbeat_start=yes
      ha_local_node_ip=<slave_database_admin_IP>
      ha_other_node_ip=<master_database_admin_IP>
      ha_role=slave
    3. Save the changes.
  3. Log back into the secondary Enterprise Server node and jailbreak the console.

  4. At the command line prompt, enter:

    screen sheriff-ha-assistant -e

    Note: Use screen to keep the process running in the background even when the session disconnects.

  5. Check that the secondary node is up and running by executing:

    sheriff-ha-assistant -s

    The system prompts you for the primary (master) root user password.

  6. Enter the password, then wait approximately five minutes until a screen appears, showing a value of Heartbeat status=Running.

Configuring HA in the Primary Enterprise Server and Database

To configure HA in the primary Enterprise Server and Database
  1. Follow the steps in Configuring HA in the Secondary Enterprise Server and Database, but in /etc/ossim/ossim_setup.conf, make the changes shown in the angle-bracketed variables below:

    ha_heartbeat_start=yes
    ha_local_node_ip=<master_database_admin_IP>
    ha_other_node_ip=<slave_database_admin_IP>
    ha_role=master
  2. Save the changes.
  3. Log into the primary, or master, Enterprise Server, jailbreak the console, and, at the command line prompt, enter:

    screen sheriff-ha-assistant -e

    Note: Use screen to keep the process running in the background even when the session disconnects.

Adding an Enterprise Database to an Enterprise Server

You must add

  • The primary Enterprise Database to the secondary Enterprise Server node.
  • The secondary Enterprise Database to the primary Enterprise Server node.

To add the Enterprise Database to an Enterprise Server
  1. Log into the secondary Enterprise Server.

  2. Select Jailbreak System, press Enter (<OK>), and Enter (<Yes>) again.
  3. Add the primary Enterprise Database to the secondary Enterprise Server node, using the command:

    sheriff-api add_system --system-ip=<master_database_admin_ip>
    --password=<root_password_to_master_database>
  4. Log into the primary Enterprise Server node as previously described, and add the secondary Enterprise Database:

    sheriff-api add_system --system-ip=<slave_database_admin_ip>
    --password=<root_password_to_slave_database>

Verifying the Configuration

To check the configuration
  1. Using the virtual IP address referenced in ossim-setup.conf, launch the Sheriff CSM web interface in a browser.

  2. Go to Configuration > Deployment > Components > Sheriff Center. Both databases should be visible, including the one functioning as a secondary, or slave, database.

    Primary and secondary HA databases displayed in the <a class="foswikiNewLink" href="/docs/bin/edit/Sheriff/AlienVault?topicparent=Sheriff.ConfiguringHighAvailabilityInSheriffCSMEnterpriseSystems" rel="nofollow" title="Create this topic">AlienVault</a> Components Information page

Topic revision: r12 - 21 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.