Setup and Configure Disaster Recovery for HA + DR

Add the DR Shared IP to LifeKeeper

1. In LifeKeeper, right click the active server and select Create Resource Heirarchy.
2. Follow the screens in the wizard:
   1. In the Application to protect field, select IP Address for the Application to protect, and then click Next.
   2. Enter a valid IP address on the same subnet as the replication interfaces. This should be the Shared IP Address for the DR Replication, which is separate from the previously created HA Shared Management IP. Click Next.
   3. Select the Subnet Mask, and then click Next.
   4. Select or enter the name for the IP Resource Tag, and then click Next.
   5. Select the Network Connection for the Resource (replication interface), and then click Next.
   6. In the Local Recovery field, select No, and then click Next. The resource is created and then automatically starts the Extend Wizard to extend the hierarchy to the standby node.
3. Right-click the SQL resource and click Add Dependency to add the newly created resource as a dependency for the SQL resource.
4. Follow the screens in the wizard, making sure to select the newly created IP resource as the Child Resource. Accept all other defaults.

Prepare Lifekeeper for DR Install

1. Running LifeKeeper GUI as an Administrator, right click the top-level RestTag and select Out of Service.
2. Select defaults to take the resource out of service.

Configure the Primary Platform Manager

To run the setup for the Primary site:

Use only static IPs for the replication interface. Do not use DHCP.

1. Download the DR zip file from the LogRhythm Community and extract it to a new local directory on the Primary Platform Manager.
2. Browse to the newly extracted DR directory.
3. Right-click DR_Setup and select Run as administrator. Enter your local system administrator credentials.

4. In the first DR Setup dialog, enter credentials for a SQL Sysadmin or enable the Windows Authentication check box, and then click Next.

   

   The user entered here MUST have Sysadmin permissions in Microsoft SQL Server Management Console. To check permissions, open and connect to the MS SQL SMC. In the main tree, expand the Security > Logins folder. Select the user you want or create a new one. Right-click the user and click Properties. Click Server Roles and make sure that the Sysadmin Server role is checked for this user.

5. Select Primary and Next.
6. Under Primary, select the DR Shared IP created as a ResTag for the Primary site by using the arrow to select from discovered IPs. Under Secondary, enter the Replication IP address of the Secondary DR site. You can also select a different port number, if necessary, as long as that port is not used by other systems. The port used for the Primary site and the port used for the Secondary site can be different. Click Next.

7. Select the databases that you want to replicate on the Secondary site and click Next.
   

   

   The DR solution does not replicate the LogRhythm Archives.

8. Select a folder for temporarily storing the database backup, and then click Next.

   

   After you select the folder, the DR Setup shows the free space available. If the system does not have enough free space for the backup, an error message appears at the bottom of the dialog. If necessary, you can select a network drive or external drive. If you want to change your database selections, click Back to return to the previous screen.

   
   

9. Select the minutes for your Recovery Point Objective (RPO).

   

   The RPO is the maximum tolerable period in which data from the Primary system can be lost due to system disruption. If the data replication falls behind this time limit, the LogRhythm SIEM generates an alert. The default is 60 minutes.
10. To backup the Platform Manager databases and to install DR solution on the Primary system, click Install.

The DR setup launches a script that shows its progress. Depending on the size of the databases, this process could take several hours. When it’s done, the following prompt appears: Press Enter when the setup is complete on the secondary system. Keep this progress window open. You will return to it later, after completing the setup on the secondary Platform Manager.

Transfer Database Files to Secondary Site

When the setup completes on the Primary system, copy the database backup files to the Secondary system.

1. Open the folder where the backup files are stored on the Primary system.
2. Select and copy all the database files and the logins file.
3. Access the Secondary Platform Manager server. Paste the files into a folder.

You will load the files from this folder when you configure the Secondary Platform Manager.

Configure the Secondary Platform Manager

To run the setup for the Secondary site:

1. Extract the DR zip file into a new local directory on the Secondary Platform Manager.
2. Browse to the newly extracted DR folder.
3. Right-click DR_Setup and click Run as administrator. Enter the local system administrator credentials.

4. In the first DR setup dialog, enter credentials for a SQL Sysadmin or select the Windows Authentication check box, and then click Next.

   

   The user entered here MUST have Sysadmin permissions in Microsoft SQL Server Management Console. To check permissions, open and connect to the MS SQL SMC. In the main tree, expand the Security > Logins folder. Select the user you want or create a new one. Right-click the user and click Properties. Click Server Roles and make sure that the Sysadmin Server role is checked for this user.

5. Select Secondary and click Next.

   

   If you accidentally leave this setting at Primary, the DR setup will fail. If this happens, you need to run the DR Setup on the Secondary system again and choose Secondary.

6. Under Primary, enter the IP address of the Primary site. Make sure the Primary Port number is the same one you selected during the Primary site configuration. Under Secondary, select the IP address for the Secondary site by using the arrow to select from discovered IPs. Make sure the Secondary Port number is the same one you selected during the Primary site configuration. Click Next.

7. Select the folder where you copied the Platform Manager databases, and then click Next.

8. Select the minutes for the Recovery Point Objective (RPO) on the Secondary Platform Manager.

   

   The default is 60 minutes. This value does not need to be the same RPO selected for the Primary Platform Manager.
9. Click Install.
10. When you see the "Step Complete" message, press Enter to exit.

You are now done with setup on the Secondary site.

Do not start the Platform Manager’s services (Job Manager and ARM) on the Secondary site. The Job Manager and ARM services should remain on Manual unless you need to perform a failover to the Secondary site, as described in the LogRhythm Disaster Recovery Administration Guide.

Complete the Setup on the Primary Platform Manager

After completing the setup on the Secondary site, follow these steps:

1. On the Primary Platform Manager, return to the DR Setup progress window.

2. To complete the setup on the Primary system, press Enter.

   

   If problems with the setup occur, you can view log files in the Logs subdirectory.

   
   When the DR Setup Complete message appears, you are finished with the DR configuration.

3. (Optional) Remove the backup files you created on both the Primary and Secondary Platform Managers. The files are no longer needed.
4. Restart all LogRhythm services running on AI Engines, Data Indexers, and the Platform Manager on the Primary site (not the Secondary site). These services include:
   • Platform Manager. Job Manager service and ARM service
   • Data Indexers. Mediator service
   • AI Engine (if integrated). AI Engine service and AI Engine Communication Manager service

Put Lifekeeper Back in Service

1. Running LifeKeeper GUI as an Administrator, right click the top-level RestTag and select In Service.
2. Select defaults options to bring the resource back into service.

Install the HA_DR_Setup

All the Installation and Configuration steps above should be performed, using the active HA node as the primary DR system. Use the DR Shared IP as the DR Primary IP Address.

1. After the DR setup is complete, use the LifeKeeper GUI to fail over the resource hierarchy to the HA secondary system. On that system, extract the DR zip file and browse to the DR\bin directory.
2. Right-click HA_DR_Setup.ps1 and click Run with PowerShell.
3. When the DR Setup Complete message appears, press Enter to close the window and use the LifeKeeper GUI to failback to the HA primary system.

Register LogRhythm Databases for SQL

To use the SQL Database Mirroring Monitoring tool for viewing data replication status, you must register the LogRhythm databases first.

1. From the Primary Platform Manager server, click Start, All Programs, LogRhythm, and Disaster Recovery.
2. Double-click DR_Status to open the Database Mirroring Monitor.
3. Click Action, and then and Register Mirrored Database.
4. In the Register Mirrored Database dialog, click Connect.
5. Enter credentials for the SQL Server administrator, and then click Connect.
6. In the Register Mirrored Database dialog, select the check boxes for all databases, select Show the Manage Server Connections dialog box when I click OK, and then click OK.
7. At the next prompt regarding Server Instance Connections, click OK.
8. In the Database Mirroring Monitor panel, click the plus sign to expand the list of mirrored databases.
   The LogRhythm databases now appear in the Database Mirroring Monitor.

9. Go to the HA Secondary and DR Secondary Platform Manager and follow steps 1-8 to register the mirrored databases for each node.
   When you’re done registering the Primary and Secondary databases, you can view the status of a LogRhythm database by selecting it in the left panel.

10. For the Data Indexer configuration, specify the DNS name for the AllConf EMDB location on the DR side.

    

    For more information about the Database Mirroring Monitor, see Administer a LogRhythm Disaster Recovery Deployment.
    

    You can also see replication status by running LogRhythm’s DR Control from Start, All Programs, LogRhythm, Disaster Recovery, right-click DR Control, and click Run as administrator. For more information about this program, see Administer a LogRhythm 8.0.1 Disaster Recovery Deployment.