Skip to main content
Skip table of contents

Configure the High Availability Software for HA + DR

Configure the New HA Deployment

Verify the Installation

To confirm the installation was successful, look in Programs and Features for the following new programs:

  • LifeKeeper for Windows v8 Update 9
  • LifeKeeper Microsoft SQL Server Recovery Kit v8 Update 9
  • SIOS DataKeeper for Windows v8 Update 9
  • Microsoft Visual C++ 2015 Redistributable (x64) – 14.0.23026
  • Microsoft Visual C++ 2015 Redistributable (x86) – 14.0.24215

Additionally, you can review the log file from the script in the \Logs directory to check for any error messages.

Verify the Initial LifeKeeper Configuration

  1. Run the LifeKeeper GUI on the primary system (Start, All Programs, SIOS, LifeKeeper, and then LifeKeeper (Admin Only)) as an Administrator
  2. Log on using local admin credentials. An IP and Name resource should be displayed, and the primary server icon should contain a yellow triangle.


    The yellow triangle on the server icon indicates that communication paths were setup from Node 1 to Node 2, but not in the other direction. Once the install process has run on the secondary server, the yellow icon should change to a green check. The same interface, viewed from the secondary server after a completed installation, looks like this:

Configure LifeKeeper and DataKeeper Service Accounts


The following steps must be performed on both nodes.

In order to function properly, the LifeKeeper and SIOS DataKeeper services should be set up to run as an account with local administrator credentials on the systems. These can either be domain accounts, or local accounts as long, as the same accounts and passwords are created on both systems.

  1. Open the Services console, right-click the LifeKeeper service, and click Properties.
  2. Select the Log On tab and enter the credentials for the account you wish to use.
  3. Repeat for the SIOS DataKeeper service, and then for both services on the other node.

Start Elasticsearch on XM Nodes

  1. Open the Services Console, right click the LogRhythm DX – Elasticsearch Service and select Start, if the service is not already started.
  2. Perform this step on each XM node in the deployment.

Configure LogRhythm

Before the rest of the HA configuration can be done, LogRhythm needs to be configured on the primary node to work with the shared Name and IP.

  1. Click Start, All Programs, LogRhythm, and then open the Local Configuration Managers (LCM) for each LogRhythm service.
    The quantity and location of the configuration managers you will need to update will depend on your specific deployment.
    On an XM, update all below on both systems in the HA pair. The Server field for each should contain the IP/VIP of the HA pair. 

    1. Platform Manager - Open the Platform Manager Configuration Manager and update both the Job Manager and Alarming and Response Manager tabs.


    2. Data Processor - Open the Data Processor Configuration Manager and update the General tab.

    3. AI Engine - Open the AIEngine Configuration Manager and update the General tab.

  2. Update the Global Database Server IP in Configuration Manager on the PM/XM.
    Access this configuration from Start, All Programs, LogRhythm, and then open Configuration Manager.
    This setting is used by all Web, API and DX services to access the Platform Manager.
     
  3. After all services are configured, open the LogRhythm Console. Log on using the Shared Name or IP.
  4. If starting client console for the first time, you will be prompted with the New Deployment Wizard.
    Use the Shared Name and IP for all services participating in HA.
  5. Continue through the Knowledge Base Import Wizard and the License Wizard, and then select the appropriate platform from the platform selector in Platform Manager Properties and Data Processor Properties.
    For a PM/DP pair, a Data Processor record and an Agent record needs to be manually created using the Shared Name and Shared IP of the DP.

  6. If configuring an XM with local Data Processor services, set the active archive location to S: drive (Gen5/6) and inactive archive location to the D: drive or a shared accessible remote CIFS/SMB path in the Data Processor properties.

LogRhythm Configuration for Shared HA Collector

If you have an HA pair of XMs, PMs, or Collectors running local system monitor agents, you may need to create a shared system monitor record for the two systems. 

Create Host and System Monitor Records for the Shared Agent

  1. From the LogRhythm Console, click Deployment Manager on the main toolbar, and then click the Entities tab.
  2. Select the Entity where the shared agent should go. The default is Primary Site.
  3. Right-click the Entity Hosts area and click New Host.
  4. Enter the name for the shared agent and then click the Identifiers tab.
  5. Enter the shared IP and each of the system IPs for IP Address identifiers.
  6. Enter the shared name and each of the system names for Windows Name identifiers.
  7. Click OK.
  8. Click the System Monitors tab, right-click in the lower pane, and click New.
  9. Choose the host record from the previous step that the Host Agent is installed on.
  10. Enter the System Monitor Agent name.
  11. On the Data Processor Settings tab, select the Data Processor this agent will use, and enter the shared IP for the Agent IP/Address Index.
  12. If any syslog or flow collection will be performed by this agent, select Advanced and change the value of SyslogServerNIC, NetflowServerNIC, and sFlowServerNIC to the shared IP.

Use the LogRhythm Install Wizard to install or upgrade LogRhythm components in your deployment. You must run the Install Wizard on each appliance or server in your deployment, and select the appliance configuration that you want to install or upgrade.

  • The LogRhythm Install Wizard requires .NET Framework version 4.7.2 or above.
  • If you are installing or upgrading the Data Indexer or Web Console, ensure that Windows Firewall Service is running before starting the Install Wizard to allow firewall rules to be created.
  • Do not try to run the wizard from a network share. Run the wizard locally on each appliance.
  • For systems with UAC (Vista and later), always run installers as a Local Administrator with elevated privileges. The person performing the installation must be in the Local Admin group, unless the domain is managed and the Group Policy Object dictates that only Domain Administrators can run installers.
  • When installing the Web Console, it is recommended that you run the LogRhythm Install Wizard to install all Web Console services. You may choose to install the Web Console as a stand-alone installation or as part of the XM Appliance or Platform Manager (PM) configurations.
  • Before installing or upgrading the Web Console, ensure that Windows Firewall is running so the Common installer can open port 8300.
When the Client Console is installed on a fresh system, additional software packages must be installed such as Microsoft Visual C++ Redistributable packages, SAP Crystal Reports runtime engine, and .NET Framework 4.7.2. For this reason, the Client Console installer may take 30 minutes or more to complete.
  1. Log in as an administrator on the appliance or server where you are installing or upgrading LogRhythm software.
  2. Copy the entire LogRhythm Install Wizard directory to a new directory on the local server.
  3. Open the Install Wizard directory, right-click LogRhythmInstallWizard.exe, and then click Run as administrator.
    The Welcome screen appears.
  4. Click Next to proceed.
    The wizard asks you to confirm that you have prepared the LogRhythm databases for the upgrade.
  5. Click one of the following:
    • If you have run the Database Install or Upgrade Tool on each Platform Manager or XM server, click Yes to continue.
    • If you have not prepared the LogRhythm databases on all required appliances, click No to cancel the wizard, install or upgrade all of the required databases, and then continue with this procedure.
    The End User License Agreement appears.
  6. Read the agreement carefully. By accepting the terms in the agreement, you agree to be bound by those terms.
  7. If you accept the terms of the agreement, select the I accept the terms in the license agreement check box, and then click Next.
    The configuration selector appears. Depending on the selected configuration, the wizard upgrades or installs a specific application or set of applications.

    For certain configurations, you can optionally select to install or upgrade the AI Engine.
    If you select the Web Console, it is installed to the default location, C:\Program Files\LogRhythm\LogRhythm Web Services. For instructions on how to install the Web Console to a custom location, see Install and Configure the Web Console.
  8. For each appliance that you install, select the target appliance configuration, according to the following table.

    If you are upgrading an existing PM + DP appliance or another configuration that is not represented in the Install Wizard, select one of the available configurations and then run the wizard again to install the next configuration.

    7.x.x ConfigurationSelect…
    XM

    XM

    Platform ManagerPM
    Data ProcessorDP
    Client ConsoleClient Console
    Web ConsoleWeb Console
    AI EngineAIE
    Data Collector/System MonitorDC
    LogRhythm Diagnostics ToolLRD Tool
    LogRhythm Diagnostics Tools AgentLRD Agent
    If you are upgrading the LogRhythm Web Console, pay attention to the following:
    • Upgrades from Web Console 6.1.x and 6.2.x are not supported. Uninstall your Web Console and complete a fresh installation.
    • If you have a 7.2.0 deployment, close the Web Services Configuration Manager prior to beginning the upgrade.

    If you are running the Install Wizard on an XM or DP/DX appliance, ensure that the Elasticsearch service is running before you continue. You can start all services by running the following command in an Administrative PowerShell prompt: Start-Service lr-*

    If this service is not running, the Data Indexer installer will fail. After ensuring the service is running, you can run the Install Wizard again, or run the LRDataIndexer executable in the wizard's Installers subfolder by right-clicking it, and then clicking Run as Administrator.

  9.  When you have selected the target configuration, click Install.
    The LogRhythm Deployment Tool appears.

  10. Select from the following options, depending on the type of deployment you are running:

    • For Disaster Recovery upgrades, follow the procedure for a multi-host upgrade in the LogRhythm Infrastructure Installer. The Deployment Properties modal asks whether your deployment includes Disaster Recovery. Be sure to select Yes and provide the FQDN of the DR Cluster and select OK.

      1. Add the Management IP address of each DR server as two separate hosts in the deployment tool.

      2. If applicable, add the IP addresses of other participating hosts in your LogRhythm deployment, and then click Create Deployment Package.

      3. After the deployment package is created, click Run Host Installer on This Host. Leave this window open until the final step of this section.

      4. Copy the deployment package from previous steps—both the Windows executable and the plan file—to a location the secondary host of the DR pair.

      5. Log in to the Secondary host, run cmd as an administrator, and change the directory to the location where you copied the LRII executable and plan file.

      6. From the command prompt, run lrii_windows.exe /dr-secondary, and verify that the command finishes without any errors.

      7. Run the LRII exe from the deployment package on each additional LogRhythm host in the deployment.

      8. Return to the Primary DR server and select Verify Status to confirm that all LogRhythm Host Installers have completed successfully. Exit when confirmation is complete.

      9. Through services.msc, verify that the LogRhythm Service Registry service is using the appropriate service account after re-running the Infrastructure Installer.

    • For High Availability upgrades, the following instructions apply.

      1. Select Upgrade Deployment.

      2. The HA shared IP should be supplied as the IP address representing both nodes in the HA cluster. Do not add other IP addresses from the HA nodes.

      3. If applicable, add the IP addresses of other participating hosts in your LogRhythm deployment, and then click Create Deployment Package.

      4. On the primary node, select Run Host Installer on This Host.
      5. Copy the resulting deployment package (executable and plan file) to a location on the secondary node in the HA cluster.

      6. On the secondary node, open an elevated command prompt (Run as administrator) and change directory to the location of the LRII_Windows.exe copied in the previous step. For example: cd "C:\Users\Administrator\Desktop\Deployment Package"

      7. Run the following command: ".\LRII_Windows.exe /ha-secondary=<HA shared IP address>" and press Enter.

    Additional help is available by clicking the question mark icon in the upper-right of the tool.
    When you are finished preparing your deployment, you will be returned to the Install Wizard.

  11. Observe for any failures as the wizard installs or upgrades the applications according to the selected configurations.

    When the Client Console is installed on a fresh system, additional software packages must be installed such as Microsoft Visual C++ Redistributable packages, SAP Crystal Reports runtime engine, and .NET Framework 4.7.2. For this reason, the Client Console installer may take 30 minutes or more to complete.

    Progress in the installation screen is indicated as follows:

    ColorMeaning
    GreenThe application was installed successfully. A message about the application and installed version

    is also printed below the status indicators.

    BlueThe application is being installed.
    YellowThe current or a newer version of the application is already installed.
    RedSomething went wrong and the application was not installed. Additional details will be printed

    below the status indicators. If something went wrong, check the installer logs located in the following location:
    C:\LogRhythm\Installer Logs\<install date and time>\

    During the Web Console installation or upgrade, if you receive a message that notifies you of an error with your Windows Installer package, go into each folder in C:\Program Files\LogRhythm\LogRhythm Web Services and run the unzip.bat file as an administrator. For other failures, run a Repair.
  12. Configure your deployment using the LogRhythm Configuration Manager that appears after the installation or upgrade is complete.

    The LogRhythm Configuration Manager has two modes: Basic and Advanced. The most commonly edited settings are shown in Basic mode. Advanced mode displays all settings, including those shown in Basic mode, grouped according to which service they affect. You can filter the settings that are displayed by clicking one of the options on the left — All (no filtering), Authentication, or Web Services. When settings are filtered, you should enable the Advanced view to ensure you can see all settings. For more information, see Use the LogRhythm Configuration Manager.

    While the Configuration Manager is still open, review your previous Web Console configuration values (backed up before starting the upgrade), turn on the advanced view, and validate or set all of the values in the Configuration Manager, especially the following:
    • Global, Database Server. This is the IP address of your Platform Manager where the EMDB is installed.
    • Web Global, Database Password. This is the password for the LogRhythmWebUI user, used by the Admin API for connecting to the EMDB. If the password is not correct, the Admin API will display an error.
    • Web Console UI values. Verify all settings for all Web Console instances.

    When finished, click Save, back up your current configuration to file, and then close the Configuration Manager.

    After you validate and save your configuration, it is strongly recommended that you make a new back up. Save the file in a safe location in case you need to restore it later.
  13. To close the LogRhythm Install Wizard, click Exit.

  14. Run the Install Wizard on the secondary node. When the LogRhythm Deployment Tool (LRII) launches, click Exit and allow the installation to complete.

If you need to install additional components that were not included in the selected configuration, run the Install Wizard again and select the necessary components.

Build the Appliance Resource Hierarchy


The following steps need to be performed on the primary node only. For a PM/DP pair, this step should always be performed first on the primary PM node and then on the primary DP node.

Each of the LogRhythm services will be protected by LifeKeeper by using the Generic Services Recovery Kit. The Generic Services Recovery Kit makes use of a set of scripts to communicate with the Windows Service Control Manager with the “sc.exe” command.

Run 2_HA_Build.cmd

  1. On the primary node, right-click the 2_HA_Build.cmd file and click Run as administrator.
    A PowerShell window opens with the build script.
  2. Press Enter to continue. If prompted, supply the password for the SQL sa account. If the script is able to connect to SQL via LogRhythm default credentials, you are not prompted for credentials.

    The script builds the SQL hierarchy, adds the monitored services, and adds each of the monitored databases before proceeding on to create the hierarchies for the LogRhythm services. When finished, the script displays a Setup Complete message and allows you to review the output before closing the window.

  3. Switch back to the LifeKeeper GUI and verify that you have a completed resource hierarchy that looks like the following:

    On a Gen5 appliance, the Vol.S_ResTag replaces the Vol.D_ResTag for the following:

    LogRhythmApIGateway_ResTag
    LRAIEComMgr_ResTag
    LRAIEEngine_ResTag
    scmedsvr_ResTag
    scsm_ResTag





    The LRAIEComMgr_ResTag and LRAIEEngine_ResTag resource hierarchies are only displayed if you selected the AIE Enabled check box in the HA configurator.

Update SQL Credentials in LifeKeeper

The build script is unable to properly supply the SQL credentials to LifeKeeper, so the credentials must be manually updated.

  1. Right-click the SQL_ResTag hierarchy and click Properties. Verify that the services and databases are all monitored, and then click Admin Actions.
  2. Click Next to Manage User, select Change User and Password in the drop-down menu, and then click Next again.
  3. Enter a SQL admin account (sa) and password to complete the wizard.

Extend the Resource Hierarchy to the Secondary Node

The following steps need to be performed on the primary node.

  • Extending the hierarchy is the process that LifeKeeper uses to copy identical configuration and resource details to the other node in the cluster.
  • This section assumes that you have been performing all configurations on the system that has current customer active data on it, and these volumes will be the source of the replica.
  • The steps in this section may not always come in the order displayed. Expect to create two volume resources, as well as one IP resource.
This document assumes that all LifeKeeper Resource Hierarchies built thus far have been on the Active node. Take great care to choose the source volume which contains customer data, and the target volume which will contain empty LogRhythm databases. The Target Volume will ALWAYS be overwritten and no data will remain on this volume. If you fail to get this correct, you will overwrite the customer’s data.
Before you continue, ensure that File and printer sharing is turned on under Control Panel, All Control Panel Items, Network and Sharing Center, and Advanced sharing settings.
  1. In the Hierarchies Pane, right-click XM_ResTag, PM_ResTag, AIE_ResTag, or DC_ResTag, and then click Extend Resource Hierarchy.
  2. In the Extend Wizard, select the secondary system and click Next.
  3. Make sure all the pre-extend checks were successful, and then click Next.
  4. In the Volume Type menu for D:, select Create Mirror, and then click Next.
  5. In the Network end points menu, select Private, and then click Next.
  6. Select the default, and then click Create to create the mirror for the D: drive (Gen4) or the S: drive (Gen5) volume.
  7. After the mirror is successfully created, click Next.
  8. Select the subnet mask that is on the Public interface and click Next.
  9. In the Network Connection menu, select Public, and then click Next three times, accepting the defaults on the next two screens.

    If on a Gen5 appliance, repeat steps 4-7 to create a mirror for the S: drive.

  10. In the Volume Type menu for L:, select Create Mirror, and then click Next.

  11. In the Network end points menu, select the Private network, and then click Next.

  12. Select the default on the next screen, and then click Create to create the mirror for the L: volume.

  13. Once the mirror is created successfully, click Next.

  14. Leave the default Backup Priority on the next screen then click Extend.

  15. Wait until the hierarchy is extended, then click Finish.

    The extended resource hierarchy should look like this with HA1 Active and HA2 on Standby or Mirroring:

    On a Gen5 appliance, the Vol.S_ResTag replaces the Vol.D_ResTag for the following:

    LogRhythmApIGateway_ResTag
    LRAIEComMgr_ResTag
    LRAIEEngine_ResTag
    scmedsvr_ResTag
    scsm_ResTag



    The LRAIEComMgr_ResTag and LRAIEEngine_ResTag resource hierarchies are only displayed if you selected the AIE Enabled check box in the HA Setup tool.

  16. New mirrors require time to synchronize. Failover is not possible until both L: and the D: drive (Gen4) or the S: drive (Gen5) are in a Mirroring state. A Resync state means the data is being duplicated to this volume from the active volume.

    Right-click the active volume and click Properties to view the sync progress.

  17. After the status is Mirroring for all volumes, you may proceed with outage tests. Failure to wait for the sync to complete may result in data corruption.

Associate the DX Cluster ID on Both Nodes

To associate the DX cluster ID on the Primary Node, do the following:

  1. Right-click PowerShell, and then click Run as administrator.

  2. Issue the following command and record the value that is returned: $env:DXCLUSTERID

    You use the returned value to associate the cluster ID using PowerShell on the Secondary Node in the next set of steps.

  3. Press Enter to continue.

To associate the DX cluster ID on the Secondary Node, do the following:

  1. Right-click PowerShell, and then click Run as administrator.

  2. Issue the following command: Set-ItemProperty –Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" –Name DXCLUSTERID –Value <DXCLUSTERID value obtained on Primary node>

    The DXCLUSTERID is case-sensitive and must match between both servers exactly for searches to succeed after a failover.

  3. Close the PowerShell window.

Update Mirror Settings

The default mirror settings created by LifeKeeper Volume Mirroring uses a flag called the LK Delete Mirror Flag, which is set to True by default. The product documentation describes this flag as follows:

The LifeKeeper Delete Mirror Flag controls the behavior during delete of the LifeKeeper resource for the replicated volume. When deleting the LifeKeeper volume resource, if the flag is set to True, then LifeKeeper deletes the mirror; otherwise, the mirror remains.

  • If you want the mirror deleted when the volume resource is unextended or removed from LifeKeeper, select True.

  • If you want the mirror to remain intact, select False.

The default is True if the mirror is created using LifeKeeper GUI. The default is False if the mirror is created outside of LifeKeeper GUI.

To preserve data, the LifeKeeper Delete Mirror flag must be changed to False.

  1. Right-click the active volume and select Properties.

  2. Click the Mirror Settings button.

  3. On the first page of the Volume Mirror Settings wizard, click Next, and then select Set LifeKeeper Delete Mirror Flag in the dropdown menu.

  4. Set the value to False and complete the wizard. Repeat the process for the other protected volume.

  5. Confirm the setting on the Properties page.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.