Disaster Recovery Upgrade Checklist
This checklist can be used to record your progress throughout the process of upgrading a LogRhythm Disaster Recovery deployment.
Prerequisites Verification
System Requirements
[ ] Verify both Primary and Secondary sites are running the same LogRhythm software version
[ ] Confirm Windows Server 2016, 2019, or 2022 is running on Windows-based appliances
[ ] Verify SQL Server 2016, 2019, or 2022 Standard is installed on Platform Manager
[ ] Confirm Microsoft .NET Framework 4.7.2 is installed on Platform Manager and core components
[ ] Verify Microsoft .NET Core 8.0.3+ is installed on Data Processor and AI Engine services
[ ] Check Active Directory domain requirements (both servers joined to same domain)
[ ] Verify DNS server access within Active Directory Domain
[ ] Confirm firewall ports/protocols are allowed through Windows firewall:
[ ] UDP 3343 (Cluster Service)
[ ] TCP 3343 (Cluster Service)
[ ] TCP 135 (RPC)
[ ] UDP 137 (Cluster Administrator)
[ ] TCP 445 (Windows Host)
[ ] UDP 1024-65535 (Ephemeral Ports)
[ ] TCP 49152-65535 (Ephemeral Ports)
[ ] TCP 5022 (SQL Replication)
[ ] TCP 1433 (MSSQL)
[ ] ICMP Echo Request/Reply
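A reachability check for the TCP ports and ICMP listed above, run from one DR node against the other. This is an added example, not LogRhythm tooling; the peer hostname is a placeholder to replace with your own.

```powershell
# Added example: TCP and ICMP reachability between DR nodes.
# $PeerNode is a hypothetical placeholder; pass the other DR server's name.
param(
    [string]$PeerNode = 'dr-secondary.example.local'
)

# TCP ports taken from the checklist, with the purpose listed there.
$tcpChecks = @(
    @{ Port = 3343; Purpose = 'Cluster Service' },
    @{ Port = 135;  Purpose = 'RPC' },
    @{ Port = 445;  Purpose = 'Windows Host' },
    @{ Port = 5022; Purpose = 'SQL Replication' },
    @{ Port = 1433; Purpose = 'MSSQL' }
)

$results = foreach ($check in $tcpChecks) {
    # A closed or filtered port raises a warning; suppress it and record the result.
    $t = Test-NetConnection -ComputerName $PeerNode -Port $check.Port `
        -WarningAction SilentlyContinue
    [pscustomobject]@{
        Check   = "TCP $($check.Port)"
        Purpose = $check.Purpose
        Passed  = [bool]$t.TcpTestSucceeded
    }
}

# ICMP Echo Request/Reply: -Quiet returns $true if any reply is received.
$results += [pscustomobject]@{
    Check   = 'ICMP'
    Purpose = 'Echo Request/Reply'
    Passed  = [bool](Test-Connection -ComputerName $PeerNode -Count 2 -Quiet)
}

$results | Format-Table -AutoSize

# Non-zero exit code so the check can gate a scripted pre-upgrade run.
$failed = @($results | Where-Object { -not $_.Passed })
if ($failed.Count -gt 0) {
    Write-Warning ("Failed checks: " + ($failed.Check -join ', '))
    exit 1
}
```

A TCP check only passes when a service is listening on the peer, so a failure on 5022 or 1433 can mean SQL Server is stopped rather than the port being blocked. The UDP entries and ephemeral port ranges cannot be confirmed with a TCP connect test and need to be checked against the Windows firewall rules directly.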
Account Configuration
[ ] Ensure upgrade user is an Active Directory account with administrative privileges on both servers
[ ] Confirm SQL Server and SQL Server Agent Services are configured with Active Directory account with local admin privileges
[ ] Verify SQL Server password for LogRhythmAdmin account
[ ] Confirm SQL Server sa password for LogRhythm databases
[ ] Check that upgrade user has required permissions:
[ ] Back up/restore files and directories
[ ] Manage auditing and security log
[ ] Take ownership of files or other objects
[ ] Shut down the system and debug programs
Network Configuration
[ ] Verify Failover Cluster IP addresses in multi-subnet scenario
[ ] Check the status of databases in DR Control application (should be Synchronized or Synchronizing)
Pre-Upgrade Tasks
[ ] Record service credentials for SQL Server, SQL Server Agent, and LogRhythm Service Registry
[ ] Request LogRhythm license file at least one business day prior to upgrade
[ ] Modify web.config for LR API (if using LR API)
[ ] Note Web Console environmental variables (if overriding Configuration Manager settings)
[ ] Record Platform Manager IP, LogRhythm Web UI password, and login warning banner
[ ] Synchronize stored Knowledge Base (if downloaded but not synchronized)
[ ] Configure System Monitor service to Startup Type = Automatic
[ ] Shut down antivirus and endpoint protection software
[ ] Exit all LogRhythm Client Consoles
Download Required Software
[ ] LogRhythm Database Upgrade Tool
[ ] Disaster Recovery Upgrade Tool
[ ] LogRhythm Install Wizard
[ ] Linux Data Indexer Installer (if applicable)
[ ] TLS 1.2 Patches and Hotfixes
[ ] Optional: System Monitor Packages for *NIX
[ ] Optional: Threat Intelligence Service, TrueIdentity Sync Client, SOAP API
Upgrade Process
Stop LogRhythm Services
[ ] Stop Platform Manager services
[ ] Stop Alarming and Response Manager (Job Manager, AI Engine Cache Drilldown)
[ ] Stop Data Processor services (Mediator Server Service)
[ ] Stop AI Engine services (AI Engine, AI Engine Communication Manager)
[ ] Stop Web Console services (Web Services Host API, Web Indexer, Web Console UI, Web Console API, Case API)
[ ] Optional: Stop Kibana
Database and DR Upgrade
[ ] Run LogRhythm Database Upgrade Tool on primary PM/XM
[ ] Select SQL Server Authentication (not Windows Authentication)
[ ] Provide sa and LogRhythmAdmin passwords
[ ] Review components screen
[ ] Back up LogRhythm EMDB database (required)
[ ] Back up additional databases (optional)
[ ] Complete upgrade process
[ ] Run DR Upgrade script on both servers:
[ ] Unzip the DR Upgrade.zip
[ ] Run DR_Upgrade.ps1 script as administrator
[ ] Provide sysadmin credentials when prompted
Upgrade LogRhythm Appliances
[ ] Run LogRhythm Install Wizard on primary PM/XM
[ ] In LogRhythm Deployment Tool:
[ ] Select "Yes" for Disaster Recovery when prompted
[ ] Provide FQDN of DR Cluster
[ ] Add Management IP address of each DR server as separate hosts
[ ] Create Deployment Package
[ ] Run Host Installer on Primary Host
[ ] On Secondary host:
[ ] Copy deployment package (Windows executable and plan file)
[ ] Run lrii_windows.exe /dr-secondary from elevated command prompt
[ ] Verify command completes without errors
[ ] Return to Primary DR server and select "Verify Status"
[ ] Verify LogRhythm Service Registry service is using appropriate service account
[ ] Run LogRhythm Install Wizard on secondary node
[ ] Click "Exit" when LogRhythm Infrastructure Installer opens
Configure Data Indexer (if applicable)
[ ] Configure proxy connection for Indexer upgrades (if behind proxy server)
[ ] Configure for dark sites without internet access (if applicable)
[ ] Upgrade single-node or multi-node cluster as appropriate
[ ] Validate Linux Indexer upgrade by checking logs
Post-Upgrade Procedures
System Configuration
[ ] Reboot all machines in the DR deployment
[ ] Import LogRhythm license file
[ ] Start LogRhythm components:
[ ] On Windows Data Indexer, run start-allservices.bat
[ ] Start all LogRhythm services via Services Control Panel
[ ] On Linux Data Indexers, run start-all-services-linux.sh
[ ] Upgrade and start other agents (Windows and Linux System Monitors)
System Verification
[ ] Confirm all LogRhythm services started successfully
[ ] Only services set to Startup Type = Automatic should be started on secondary PM/XM
[ ] Verify "All Services Up" appears in Configuration Manager (may take up to 5 minutes)
[ ] Check the status of databases in DR Control application (should be Synchronized or Synchronizing)
[ ] Verify Data Processors are processing logs (localhost:3000 > Pipeline > Mediator)
[ ] Confirm DX cluster is green or yellow (localhost:3000 > Data Indexer > Maintenance)
[ ] Verify logs are being indexed into DX cluster (localhost:3000 > Data Indexer > Logs Indexing)
[ ] Confirm AIE servers are receiving and processing data (localhost:3000 > AIE > AIE Metrics)
[ ] Test Web Console functionality:
[ ] Check data on key dashboards
[ ] Run search with Last 30 minutes timeframe
[ ] Verify AIE correlation rules trigger alarms correctly
[ ] Complete a failover to confirm functionality on the new version
Additional Post-Upgrade Tasks
[ ] Configure or verify communication ports
[ ] Remote Console access (TCP 13130, 13132)
[ ] Linux Data Indexer ports
[ ] Windows Data Indexer ports
[ ] Add realtime antivirus exclusions for LogRhythm directories
[ ] Verify Web Console processes are running
[ ] Set Knowledge Base downloads to automatic
[ ] Remove FIM state file (if applicable)
XM Environment Additional Considerations
[ ] Verify Data Processor record in Deployment Manager
[ ] Confirm Data Indexer cluster name configuration
[ ] Validate AI Engine server configuration