Skip to main content
Skip table of contents

Install a LogRhythm High Availability Deployment

This guide is for LogRhythm Professional Services to prepare, install, and configure LogRhythm appliances in an Active / Passive HA relationship. LogRhythm HA is designed to help protect against downtime caused by both planned and unplanned outages using host-based replication technologies and constant monitoring of critical components and services. This guide can be used for both new and existing LogRhythm installations.

The LogRhythm HA solution leverages SIOS products to deliver failover and data replication capabilities, collectively called the SIOS Protection Suite (SPS). SPS is made up of the following core products:

  • LifeKeeper. Provides continuous monitoring of critical resources. This toolset provides the foundation of the LogRhythm HA platform on the appliances.
  • DataKeeper. Provides volume-level replication for disk drives that delivers a ‘shared-nothing’ solution when used in conjunction with LifeKeeper.
  • LifeKeeper SQL Recovery Kit. An add-on kit to SPS, this kit provides enhanced functionality to deliver database and process level monitoring, along with integrated capabilities within the LifeKeeper GUI.

    The SQL Recovery Kit is required on XM and PM appliances.

The installation of SPS and the supplemental LogRhythm configuration in this document ensure the LogRhythm HA solution can deliver superior uptime and flexibility allowing LogRhythm to meet the constant demands of the enterprise.

Example Deployment

In a typical deployment, each system is configured with four logical drives:

Drive LetterContainsReplicated?
L:Logs (only on XM, PM)Yes
T:TempDB (only on XM, PM)No
S: (Gen5+)DataYes

Each host requires a static IP Address accessible on the Public Network. Additionally, each pair of nodes requires a Shared IP Address accessible on the Public Network. This Shared IP Address will be the IP Address that is used by the protected elements on the system.

In the reference diagram that follows, the IP Address that all LogRhythm services will be configured to use is the Shared IP Address. SQL and the Windows name also use this same shared IP Address. Together, the Shared IP Address, Shared Name, and Shared Data Volumes form the shared infrastructure on which the LogRhythm Application Stack operates. These resources combine to form a logical virtual server on the network.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.