Disaster Recovery Installation Overview

This page is meant to be used as a high-level guide outlining the steps required to install a LogRhythm Disaster Recovery (DR) deployment. For more complete instructions, use the individual pages outlined in the Contents section of Install a LogRhythm Disaster Recovery Deployment.

Prerequisites Specific to DR

  1. Deployment Requirements:

    • Two LogRhythm SIEM deployments: Primary site and Secondary site.

    • Same LogRhythm software version on both sites.

    • Disable "Enable Password Policy" on the LogRhythm SIEM user account.

    • Configure the SQL Server, SQL Server Agent, and LogRhythm Service Registry services to run under the same Windows Domain Service Account on both the Primary and Secondary sites. This should be a named, privileged account with local admin rights on both the Primary and Secondary servers in the DR pair. This must be a domain account in the same domain on both systems.

  2. Hardware/Server Requirements:

    • Nodes should have near-matching CPU and memory resources.

    • Identical drive letter layouts with SQL DBs/Logs in identical paths.

    • Matching storage types (both SSD or both HDD).

  3. Network Configuration:

    • Each node needs:

      • One (1) NIC with static IP for normal data/management access.

      • Additional "secondary" IP address as the Failover Cluster IP.

      • Optional dedicated network interface for data replication.

    • Minimum 10 Mb/sec bandwidth and maximum 100ms latency between sites (1Gb/s+ recommended for larger deployments).

    • Failover Cluster IP addresses must be on a NIC with Active Directory access.

  4. Firewall/Port Requirements:

    • Multiple ports must be open between Primary and Secondary sites:

      • TCP: 135, 445, 3343, 1433, 5022, 49152-65535

      • UDP: 137, 3343, 1024-65535

      • ICMP: Echo Request/Reply

  5. DNS Requirements:

    • Platform Managers must be bound to an Active Directory domain.

    • Microsoft DNS server must be in the same Active Directory domain.

    • DNS entries for each server with forward/reverse records.

    • Common DNS record pointing to either Primary or Secondary PM IP.

    • DNS TTL of two minutes for quick failover.

  6. Disk Space Requirements:

    • Sufficient space on Platform Managers for database backup and copying.
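
A pre-flight check for the network and DNS prerequisites above, run from one Platform Manager against the other. This is an added example, not part of the LogRhythm DR tooling; every host name in it is a placeholder assumption to replace with your own.

```powershell
# Added example: pre-flight check of the DR firewall and DNS prerequisites.
# All host names are placeholders (assumptions), not values from this page.
param(
    [string]$PeerHost   = 'pm-secondary.example.local',   # the other site's Platform Manager
    [string]$CommonName = 'logrhythm-pm.example.local',   # common record for the active PM
    [string[]]$PmHosts  = @('pm-primary.example.local', 'pm-secondary.example.local')
)

$results = @()

# Fixed TCP ports from the list above. A failed connect can also mean nothing is
# listening yet (for example before DR_Setup has run), not only a firewall block.
# The UDP ports and the dynamic ranges cannot be confirmed by a connect test;
# review those in the firewall rules and scope them to the peer's addresses.
foreach ($port in 135, 445, 3343, 1433, 5022) {
    $tcp = Test-NetConnection -ComputerName $PeerHost -Port $port -WarningAction SilentlyContinue
    $results += [pscustomobject]@{ Check = "TCP $port to $PeerHost"; Pass = $tcp.TcpTestSucceeded }
}

# ICMP Echo Request/Reply between the sites.
$ping = Test-Connection -ComputerName $PeerHost -Count 2 -Quiet
$results += [pscustomobject]@{ Check = "ICMP echo to $PeerHost"; Pass = $ping }

# Each server needs a forward (A) record and a reverse (PTR) record that agree.
foreach ($h in $PmHosts) {
    $a = Resolve-DnsName -Name $h -Type A -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
    $ptr = $null
    if ($a) {
        $ptr = Resolve-DnsName -Name $a.IPAddress -Type PTR -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'PTR' } | Select-Object -First 1
    }
    $results += [pscustomobject]@{ Check = "Forward/reverse DNS for $h"; Pass = [bool]($ptr -and $ptr.NameHost -eq $h) }
}

# The common record should carry a TTL of two minutes (120 s). A cached answer
# reports the remaining TTL, so add -Server <authoritative DNS> for the configured value.
$c = Resolve-DnsName -Name $CommonName -Type A -DnsOnly -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
$results += [pscustomobject]@{ Check = "TTL of $CommonName <= 120 s (got $($c.TTL))"; Pass = [bool]($c -and $c.TTL -le 120) }

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }   # non-zero exit if any check failed
```

Run it once from each site so that both directions of the firewall path are exercised.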

Installation Steps Unique to Disaster Recovery Deployments

Secondary Platform Manager Configuration

  1. Extract DR zip file to a local directory on the Secondary Platform Manager.

  2. Run DR_Setup as an administrator.

  3. Enter SQL Sysadmin credentials and click Next.

  4. Select the Secondary option and click Next.

  5. Enter the Primary site's Replica IP address and port number.

  6. Select the Secondary site's Replica IP address and port number.

  7. Set the Recovery Point Objective (RPO) in minutes (default: 60).

  8. Click Install (the Windows Failover Clustering feature will be installed).

  9. Wait for setup to complete (do not start Platform Manager services).

Primary Platform Manager Configuration

  1. Extract the DR zip file to a local directory on the Primary Platform Manager.

  2. Run DR_Setup as an administrator.

  3. Enter SQL Sysadmin credentials and click Next.

  4. Select the Primary option and click Next.

  5. Enter Failover Cluster IP addresses for both the Primary and Secondary sites.

  6. Select Replication IP addresses for both the Primary and Secondary sites.

  7. Select databases to replicate (EMDB is replicated by default).

  8. Select a folder for temporary database backup storage.

  9. Set the Recovery Point Objective (RPO) in minutes.

  10. Click Install (the Windows Failover Clustering feature will be installed).

  11. Wait for database backup and restoration to complete.

Infrastructure Reinstallation

  1. Run the LogRhythm Install Wizard on the Primary server.

  2. Select Yes when asked if deployment includes Disaster Recovery.

  3. Add Management IP addresses of each DR server as separate hosts.

  4. Create a deployment package.

  5. Run Host Installer on the Primary host.

  6. Copy the deployment package to the Secondary host.

  7. Run lrii_windows.exe /dr-secondary on the Secondary host.

  8. Verify all LogRhythm Host Installers completed successfully.

Post-Installation Tasks

  1. Reboot all machines in the DR deployment.

  2. Test the DR solution with a failover scenario and failback scenario.

Failover Process Overview

  1. Manual initiation required:

    • Planned Failover: Use DR_Monitoring.ps1 script on the Primary site.

    • Unplanned Failover: Use DR_Monitoring.ps1 script on the Secondary site.

  2. Update the DNS record to point to the Secondary Platform Manager IP.

  3. Reconnect Data Processors to the new Data Indexer if needed.

DR-Specific Considerations for XM Environments

  1. Create a new Data Processor record in the Client Console's Deployment Manager.

  2. Configure the Data Indexer on the secondary DR server with its own cluster name.

  3. Create an additional AI Engine server on XM deployments running AIE.
