How to configure High Availability (HA) in AlienVault USM (for versions 4.14 and prior)


Complete. Simple. Affordable

How to configure High Availability (HA) in AlienVault USM

Copyright 2015 AlienVault. All rights reserved.

AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat Exchange, AlienVault OTX Reputation Monitor, AlienVault OTX Reputation Monitor Alert, AlienVault OSSIM and OSSIM are trademarks or service marks of AlienVault.

CONTENTS

1. INTRODUCTION ... 4
2. HIGH AVAILABILITY (HA): OVERVIEW AND REQUIREMENTS ... 4
   2.1. Requirements ... 4
   2.2. Architecture ... 5
3. ENVIRONMENT INSTALLATION ... 7
4. CONFIGURATION ... 8
   4.1. How to configure the local machine ... 9
   4.2. How to configure the remote machine ... 10
   4.3. How to synchronize databases ... 10
   4.4. How to synchronize local files ... 11

DC-00150 Edition 02 Copyright 2015 AlienVault. All rights reserved. Page 3 of 12

1. INTRODUCTION

High Availability (HA) refers to a system or component that remains continuously operational for a desirably long period of time. AlienVault USM offers HA capabilities in all its components: server, logger and sensor. HA is only offered in professional versions. This document describes HA capabilities, requirements, architecture, installation and configuration.

2. HIGH AVAILABILITY (HA): OVERVIEW AND REQUIREMENTS

HA refers to a deployment in a distributed installation. It consists of an active unit that is running in production and is at risk of failure, and a standby unit that comes on line if the active unit fails and ensures continuous operation of AlienVault services.

2.1. REQUIREMENTS

The standby unit must be set up and configured with the same version of AlienVault as the active (master) unit. Both of them need to be in the same subnet (even if it is extended between different datacenters). They do not need to be at the same physical location if extended VLANs are deployed between the datacenters (same network addressing in both places). Special care must be taken with network latency, network disconnections and similar problems that can cause the replication to fail. For this reason, checks must be put in place to guarantee that replication is working properly under those conditions. This HA feature is not designed to work across dispersed locations (with different IP addressing).

It is encouraged to use isolated interfaces (eth1) on each node, connected through a dedicated network cable without any network equipment in between, so that datacenter (CPD) network failures do not affect the AlienVault USM HA performance and service functionality.

The date on both appliances must be the same. An NTP server can be configured (see section 3 ENVIRONMENT INSTALLATION). Both appliances must be registered.

2.2. ARCHITECTURE

In an HA installation there are two levels: one for the physical appliances and another, higher, for the virtual information. This boundary is established in the AlienVault Center, which can access the real appliances. The rest of the system can only access the virtual information. The AlienVault Center manages the real appliances. The agent, server, IDM, forwarder and the rest of the AlienVault services know only the virtual IP they connect to.

In the slave appliances, all services have to be stopped except the following ones:

- AlienVault Center
- Rsyslog
- Cron
- Heartbeat
- MySQL
- MongoDB

The architecture can be the following:

The appliances are configured as follows:

Hostname     Real IP          V Hostname   Virtual IP       Report To
HA-server1   192.168.207.110  VServer      192.168.207.120  192.168.207.121
HA-server2   192.168.207.111
HA-Logger1   192.168.207.112  VLogger      192.168.207.121  None
HA-Logger2   192.168.207.113
HA-Sensor1   192.168.207.114  VSensor      192.168.207.121  192.168.207.120
HA-Sensor2   192.168.207.115

3. ENVIRONMENT INSTALLATION

The following instructions must be followed to have the same version in all appliances:

1. Install a virtual appliance according to the configuration mentioned above (see section 2.1 Requirements).
2. During the installation, a real IP address is assigned to each appliance.
3. Once the installation is finished, activate your appliance to professional by entering a key provided by AlienVault.
4. Open the AlienVault Setup main menu. Navigate to System Preferences > Configure Hostname. Change the appliance hostname following the configuration mentioned above (see section 2.2 Architecture). Ensure the appliances have different hostnames.
5. Go back to the AlienVault Setup main menu and select the option Apply all Changes. Press Enter to accept the selection (<OK>).
6. The date on both appliances must be the same. An NTP server can be configured:
   - Move to the option System Preferences and press Enter to accept the selection (<OK>).
   - Move to the option Change Location and press Enter to accept the selection (<OK>).
   - Move to the option Date and time and press Enter to accept the selection (<OK>).
   - Move to the option Configure NTP Server and press Enter to accept the selection (<OK>).
   - Enable the NTP Server and press Enter to accept the selection (<OK>).
   - Enter the NTP Server Name or its IP Address.
   - Go back to the main menu. Move to the option Apply all Changes and press Enter to accept the selection (<OK>).
   This configuration must be done on both appliances.
7. It is recommended to stop the appliance and take a snapshot.

4. CONFIGURATION

The configuration of an HA system cannot be done from the AlienVault Setup. The master appliance can contain data, but the slave appliance must always remain empty, without data, because that data will be lost during the configuration. The local appliance is the appliance whose services run continuously. The remote appliance has its services in standby.

4.1. HOW TO CONFIGURE THE LOCAL MACHINE

Follow the instructions below to configure HA without opening the web interface:

1. Connect by ssh to the local IP of your appliance.
2. The AlienVault Setup main menu is displayed after the user authentication.
3. On the computer keyboard, press the arrow keys to move to the option Jailbreak System. Then, press Enter to accept the selection (<OK>).
4. Edit the file /etc/ossim/ossim_setup.conf.
5. Change the following fields:
   - Ha_heartbeat_start= enter yes.
   - Ha_local_node_ip= enter the local appliance IP.
   - Ha_other_node_ip= enter the remote appliance IP.
   - Ha_other_node_name= enter the remote appliance name.
   - Ha_password= enter a password. This password is valid for both appliances (local and remote) and must be the same on both.
   - Ha_role= enter master.
   - Ha_virtual_ip= enter the IP address assigned to the virtual appliance.
6. Save changes.
7. Enter the following command:

   ossim-reconfig

4.2. HOW TO CONFIGURE THE REMOTE MACHINE

1. Connect by ssh to the remote IP of your appliance.
2. The AlienVault Setup main menu is displayed after the user authentication.
3. On the computer keyboard, press the arrow keys to move to the option Jailbreak System. Then, press Enter to accept the selection (<OK>).
4. Edit the file /etc/ossim/ossim_setup.conf.
5. Change the fields as indicated below:
   - Ha_heartbeat_start= enter yes.
   - Ha_local_node_ip= enter the remote appliance IP.
   - Ha_other_node_ip= enter the local appliance IP.
   - Ha_other_node_name= enter the local appliance name.
   - Ha_password= enter a password. This password is valid for both appliances (local and remote) and must be the same on both.
   - Ha_role= enter slave.
   - Ha_virtual_ip= enter the IP address assigned to the virtual appliance.
6. Save changes.
7. Enter the following command:

   ossim-reconfig

4.3. HOW TO SYNCHRONIZE DATABASES

1. Connect by ssh to the local IP of your appliance.
2. The AlienVault Setup main menu is displayed after the user authentication.
3. On the computer keyboard, press the arrow keys to move to the option Jailbreak System. Then, press Enter to accept the selection (<OK>).
4. To synchronize the databases, enter the following command:

   ossim-reconfig -mysql_replication

The deployment view in the web interface will display the IP and hostname of one of the two appliances.

4.4. HOW TO SYNCHRONIZE LOCAL FILES

The following instructions must be carried out on both servers, local and remote.

1. Connect by ssh to the IP of your appliance.
2. The AlienVault Setup main menu is displayed after the user authentication.
3. On the computer keyboard, press the arrow keys to move to the option Jailbreak System. Then, press Enter to accept the selection (<OK>).
4. Edit the file /etc/cron.d/ossim_ha_rsync.
5. Uncomment the lines for the information that is to be synchronized between servers. The user must choose the hours (the cron schedule) by editing and activating the line, for instance:

   Risk metrics graphs
   #0 * * * * root /usr/local/sbin/ossim_ha-rsync.sh var_lib_ossim_rrd /var/lib/ossim/rrd >/dev/null

   Netflow configuration
   #2 * * * * root /usr/local/sbin/ossim_ha-rsync.sh etc_nfsen /etc/nfsen >/dev/null

   Netflow data collected
   #4 * * * * root /usr/local/sbin/ossim_ha-rsync.sh var_cache_nfdump /var/cache/nfdump >/dev/null

   Netflow graphs
   #6 * * * * root /usr/local/sbin/ossim_ha-rsync.sh var_nfsen /var/nfsen >/dev/null

   Nagios configuration
   #8 * * * * root /usr/local/sbin/ossim_ha-rsync.sh etc_nagios3_conf.d /etc/nagios3/conf.d >/dev/null

   Nagios checks
   #10 * * * * root /usr/local/sbin/ossim_ha-rsync.sh var_cache_nagios3 /var/cache/nagios3 >/dev/null

   Ossim database backups
   #12 * * * * root /usr/local/sbin/ossim_ha-rsync.sh var_lib_ossim_backup /var/lib/ossim/backup >/dev/null

   Ossim agent configuration and plugins
   #14 * * * * root /usr/local/sbin/ossim_ha-rsync.sh etc_ossim_agent /etc/ossim/agent >/dev/null

   Ntop graphs and statistics
   #16 * * * * root /usr/local/sbin/ossim_ha-rsync.sh var_lib_ntop /var/lib/ntop >/dev/null

   Ntop configuration
   #18 * * * * root /usr/local/sbin/ossim_ha-rsync.sh etc_ntop /etc/ntop >/dev/null
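The two node configurations from sections 4.1 and 4.2, filled in with the HA-server1/HA-server2 addresses from the table in section 2.2, together with the consistency check that section 2.1 asks for, run before ossim-reconfig and the database synchronization of 4.3. This is an added example, not part of the AlienVault guide; it assumes the HA keys are stored lowercase under an [ha] section of ossim_setup.conf, uses a placeholder password, and checks "same subnet" as a /24.

```shell
#!/bin/sh
# Added example, not part of the AlienVault guide: writes the [ha] fields of
# /etc/ossim/ossim_setup.conf for the guide's HA-server1 (master) and
# HA-server2 (slave) into scratch files and cross-checks them before ossim-reconfig.
# Assumptions: keys are stored lowercase under [ha]; the password is a placeholder;
# "same subnet" is checked as a /24.

ha_get() {            # ha_get FILE KEY -> value of KEY in FILE
  sed -n "s/^$2=//p" "$1" | head -n 1
}

ha_write_samples() {  # ha_write_samples DIR -> DIR/local.conf and DIR/remote.conf
  cat >"$1/local.conf" <<'EOF'
[ha]
ha_heartbeat_start=yes
ha_local_node_ip=192.168.207.110
ha_other_node_ip=192.168.207.111
ha_other_node_name=HA-server2
ha_password=CHANGE_ME_SHARED_SECRET
ha_role=master
ha_virtual_ip=192.168.207.120
EOF
  cat >"$1/remote.conf" <<'EOF'
[ha]
ha_heartbeat_start=yes
ha_local_node_ip=192.168.207.111
ha_other_node_ip=192.168.207.110
ha_other_node_name=HA-server1
ha_password=CHANGE_ME_SHARED_SECRET
ha_role=slave
ha_virtual_ip=192.168.207.120
EOF
}

# ha_check_pair LOCAL REMOTE: return 0 if the two files describe one consistent
# master/slave pair, 1 with a reason on stderr otherwise.
ha_check_pair() {
  l_ip=$(ha_get "$1" ha_local_node_ip); l_other=$(ha_get "$1" ha_other_node_ip)
  r_ip=$(ha_get "$2" ha_local_node_ip); r_other=$(ha_get "$2" ha_other_node_ip)
  [ "$l_other" = "$r_ip" ] && [ "$r_other" = "$l_ip" ] || { echo "node IPs are not cross-referenced" >&2; return 1; }
  [ "${l_ip%.*}" = "${r_ip%.*}" ] || { echo "nodes are not in the same /24" >&2; return 1; }
  [ "$(ha_get "$1" ha_role)" = master ] && [ "$(ha_get "$2" ha_role)" = slave ] || { echo "roles must be master and slave" >&2; return 1; }
  p1=$(ha_get "$1" ha_password); [ -n "$p1" ] && [ "$p1" = "$(ha_get "$2" ha_password)" ] || { echo "ha_password empty or differs" >&2; return 1; }
  [ "$(ha_get "$1" ha_virtual_ip)" = "$(ha_get "$2" ha_virtual_ip)" ] || { echo "ha_virtual_ip differs" >&2; return 1; }
  [ "$(ha_get "$1" ha_heartbeat_start)" = yes ] && [ "$(ha_get "$2" ha_heartbeat_start)" = yes ] || { echo "ha_heartbeat_start must be yes on both" >&2; return 1; }
  [ "$(ha_get "$1" ha_other_node_name)" != "$(ha_get "$2" ha_other_node_name)" ] || { echo "node names must differ" >&2; return 1; }
}

dir=$(mktemp -d) && ha_write_samples "$dir" && ha_check_pair "$dir/local.conf" "$dir/remote.conf" && echo "HA pair is consistent"
```

On a real pair, run ha_check_pair against copies of /etc/ossim/ossim_setup.conf fetched from both nodes; a non-zero exit means ossim-reconfig would build heartbeat and replication from mismatched settings.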