Breadcrumbs

Disaster Recovery Administration Checklist

This checklist can be used to record your progress throughout the process of administering a LogRhythm Disaster Recovery deployment.

Regular Monitoring Tasks

Replication Status Monitoring

  • [ ] Check replication status using LogRhythm DR Control:

    • [ ] Run DR Control (Start > All Programs > LogRhythm > Disaster Recovery > DR Control) as administrator

    • [ ] Verify databases show "Synchronized" or "Synchronizing" status

    • [ ] Review metrics (SendQueue, SendRate, RedoQueue, RedoRate, EstimatedRecoveryTime, SyncPerformance)

    • [ ] Exit panel with 'Q'

  • [ ] Alternatively, use AlwaysOn Availability Group Dashboard:

    • [ ] Start SQL Server Management Studio and log in as administrator

    • [ ] Expand AlwaysOn High Availability folder and Availability Groups folder

    • [ ] Right-click Availability Group and select "Show Dashboard"

Replication Mode Management

  • [ ] Review current replication mode (Asynchronous or Synchronous)

  • [ ] Determine if mode changes are needed based on:

    • [ ] Current network performance

    • [ ] Recovery Point Objective (RPO) requirements

    • [ ] Performance requirements

    • [ ] Distance between Primary and Secondary sites

Planned Failover Procedure

Pre-Failover Steps

  • [ ] Schedule maintenance window for failover

  • [ ] Notify all relevant stakeholders of planned failover

  • [ ] Verify all databases are synchronized between Primary and Secondary sites

  • [ ] Verify Secondary site components are ready to become active

Execute Planned Failover

  • [ ] Access Primary (active) Platform Manager

  • [ ] Run DR Control (Start > All Programs > LogRhythm > Disaster Recovery > DR Control) as administrator

  • [ ] Press 'D' to display DR Control Options

  • [ ] Type 'F' to initiate failover process

  • [ ] Confirm with 'Y' when prompted

  • [ ] Wait for automatic tasks to complete:

    • [ ] Platform Manager services stopping on Primary site

    • [ ] Database synchronization verification

    • [ ] Secondary Platform Manager designation as Active site

Post-Failover Steps

  • [ ] Verify DNS record updates (automatic or manual) to point to Secondary Platform Manager

  • [ ] Wait for TTL limit to be reached

  • [ ] Confirm Platform Manager services have started on Secondary site:

    • [ ] Alarming and Response Manager (ARM) service

    • [ ] Job Manager service

  • [ ] Start services for Data Processors, Data Indexers, and AI Engines if necessary

  • [ ] Verify remote systems reconnection to Secondary Platform Manager

  • [ ] Test system functionality on Secondary site

  • [ ] Document failover completion

Unplanned Failover Procedure (DR Only)

Execute Unplanned Failover

  • [ ] Go to Secondary (standby) Platform Manager

  • [ ] Run DR Control (Start > All Programs > LogRhythm > Disaster Recovery > DR Control) as administrator

  • [ ] Acknowledge potential data loss warning by typing 'Y'

  • [ ] Wait for automatic tasks to complete:

    • [ ] Secondary Platform Manager switching to Active state

    • [ ] Platform Manager services starting on Secondary site

    • [ ] Replicated databases loading

  • [ ] Press Enter to exit when failover is complete

Post-Failover Steps

  • [ ] Update DNS record to point to Secondary Platform Manager

  • [ ] Wait for TTL limit to be reached

  • [ ] Reconnect remote systems to Secondary Platform Manager

  • [ ] Redirect Agents to new Data Processor if necessary

  • [ ] Test system functionality on Secondary site

  • [ ] Document failover completion and any data loss

Unplanned Failover Procedure (HA + DR)

Execute Unplanned Failover

  • [ ] Go to Secondary (standby) Platform Manager

  • [ ] Run DR Control as administrator

  • [ ] Type 'D' to display DR Control Options

  • [ ] Type 'F' to initiate failover

  • [ ] Acknowledge potential data loss warning by typing 'Y'

  • [ ] Wait for automatic tasks to complete

  • [ ] Exit when failover is complete

Post-Failover Steps

  • [ ] Update DNS record to point to Secondary Platform Manager

  • [ ] Wait for TTL limit to be reached

  • [ ] Reconnect remote systems to Secondary Platform Manager

  • [ ] Redirect Agents if Data Processor is unavailable

  • [ ] Test system functionality on Secondary site

  • [ ] Document failover completion and any data loss

Failback Procedure (Resume Operations on Primary)

Pre-Failback Verification

  • [ ] Verify Primary Platform Manager is operational

  • [ ] Run DR Control on Primary Platform Manager as administrator

  • [ ] Verify State column displays "Suspended" (ready for data replication)

Execute Failback

  • [ ] Type 'D' to display DR Control Options

  • [ ] Type 'R' to resume data replication

  • [ ] Wait for all databases to show "Synchronized" state

  • [ ] Open DR Control on Primary Platform Manager

  • [ ] Type 'D' to display DR Control Options

  • [ ] Type 'F' to fail over to Primary site

  • [ ] Confirm with 'Y' when prompted

  • [ ] Wait for automatic tasks to complete

Post-Failback Steps

  • [ ] Update DNS record to point to Primary Platform Manager

  • [ ] Wait for TTL limit to be reached

  • [ ] Verify all systems reconnect to Primary Platform Manager

  • [ ] Test system functionality on Primary site

  • [ ] Document failback completion

IP Address Changes (Re-IP Procedure)

Preparation

  • [ ] Document current IP configuration:

    • [ ] Management IPs

    • [ ] Failover IPs

    • [ ] Replication IPs

    • [ ] Cluster (DNS) name

    • [ ] Replication ports

  • [ ] Plan new IP configuration

  • [ ] Schedule maintenance window for changes

Execute Re-IP

  • [ ] From DR Install folder, run DR Re-IP Uninstall.exe as Administrator

  • [ ] Click the "Re-IP" tab

  • [ ] Enter new IP addresses for the deployment

  • [ ] Validate IPs and DNS name

  • [ ] Click "Re-IP" to run the script

  • [ ] Review script output to verify success

Post Re-IP Verification

  • [ ] Test replication status using DR Control

  • [ ] Verify DNS resolution with new IP addresses

  • [ ] Test failover functionality with new configuration

  • [ ] Document IP changes

DR Uninstallation Procedure

Preparation

  • [ ] Document current configuration

  • [ ] Back up any critical data

  • [ ] Schedule maintenance window

  • [ ] Notify all relevant stakeholders

Execute Uninstallation

  • [ ] From DR Install folder on primary server, run DR Re-IP Uninstall.exe as Administrator

  • [ ] Click the "Uninstall" tab

  • [ ] Review description of uninstall process

  • [ ] Click "Uninstall" and follow confirmation prompts

  • [ ] Enter sysadmin-level SQL credentials when prompted

  • [ ] Review script output and address any errors

  • [ ] Repeat steps on secondary server

  • [ ] For secondary server, correctly identify deployment type when prompted

Post-Uninstallation Verification

  • [ ] Verify no databases are in Synchronizing, Not Synchronizing, Restoring, or Suspect state

  • [ ] Confirm LogRhythm folder in Windows Task Scheduler has been removed

  • [ ] Verify CONSUL_CLIENT environment variable does not exist on XM/PM

  • [ ] Confirm all LogRhythm PM services are running

  • [ ] Verify SQL job "LogRhythm DR Job Management" is gone and all remaining SQL Server agent jobs are enabled

  • [ ] Update components to use management IP instead of shared DNS or failover IPs

  • [ ] Re-run LRII and remove host record for Secondary server

  • [ ] In Deployment Properties, change "Does your deployment include Disaster Recovery (DR)?" to No

  • [ ] Run "Get-Cluster" from elevated PowerShell to verify cluster service is not running