Up
Previous Next

Sheriff CSM™

High Availability Prerequisites and Restrictions

Before you start, review the prerequisites and restrictions in setting up a high availability (HA) Sheriff CSM system.

General Prerequisites and Restrictions

Make sure that you review all of the following Sheriff CSM HA requirements and restrictions carefully before starting your deployment:
  • Because this HA feature does not work across dispersed locations (due to their different IP addressing), both the primary and secondary systems must be on the same subnet.

  • To avoid any network failures that could affect Sheriff CSM high availability, nodes must be connected through a dedicated network cable, without any networking equipment.

  • Use isolated interfaces (for example, eth1) at each node.

  • Make sure that the primary and secondary nodes are running the same image of Sheriff CSM. For example, if the primary node is updated to Sheriff CSM version 5.3 from a previous version but the secondary node is a fresh install of Sheriff CSM version 5.3, HA will not work properly.

  • When setting up HA in Sheriff CSM Enterprise systems, the root user password must not contain the following characters: ? * [ ] { } ! \ ^ $ " / ' ` < > |

NTP Server Requirements

  • Both the primary and secondary nodes require their own dedicated NTP Server. These NTP Servers should be configured identically.

  • Both NTP Servers must be up and running and synchronized with each other.

Configuration Prerequisites — Sheriff CSM Standard and Enterprise Solutions

These prerequisites and restrictions apply both to the Sheriff CSM Standard and Enterprise deployments.
  • The primary and secondary nodes of a Sheriff CSM component in an HA deployment cannot share the same hostname.

  • You cannot change the IP or hostname of any component in a high availability system once configured.

  • You must register both nodes of each component.

  • Both the primary and secondary instances must have the same time zone setting.

  • Make sure that you configure each node to communicate with the NTP Server for its instance.

Configuration Prerequisites — Sheriff CSM Enterprise Solution Only

You must configure both nodes for the Sheriff CSM Enterprise Server and the Sheriff CSM Enterprise Database with the same root password.

General Maintenance Prerequisites

  • Make sure that you always keep the secondary HA instance at parity with the primary Sheriff CSM instance.

  • When upgrading Sheriff CSM to a new version, HA must be disabled. Otherwise, you lose the HA configuration. You can re-enable HA when the upgrade has finished.
Important: Any network latency or network disconnection issues that can lead to replication failure must be fixed promptly.
Topic revision: r5 - 30 Aug 2021, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.