Overview

Show HA setup and their Synchronization.

2 CCE (192.168.2.x) servers to be configured at DC in active-passive mode.

In DC, APE-01 (192.168.1.x1) and APE-02 (192.168.1.x2) will be configured in HA mode using an active-passive combination.

A Dedicated 10G Ethernet interface will exist between APE-01 and APE-02.

LTS (LTS-1 – 192.168.3.x) server will be configured in DC.

Devices under test will be sending flows and logs to one of the DC CCE.

Once a day, the DC data will be synchronized with the DR.

Test Procedure

1- Setup HA APEs and check to make sure both are getting the logs and flows on the dashboard as well as on data ingest i.e., system dashboard.

2- In the Test Conditions sections above IP addresses are mentioned for all servers.

3- Please note that the actual IP addresses may be different during test

Case I- when cce 1 and 2 are active, ape 1 and 2 are active. (This is step 1 above)

Cce-1 – main, ape 1 – main , ape-2 backup

Demonstrate – console (ape 1 or 2 ) https:x.y.z.a

Run for 15 min

Case II – cce 1 down , repeat the steps above

Case III- cce 1 up, ape 1 down , above steps

Case Iv- cce 1 down , ape 1 down , steps

last 1 hours report / performance dashobaord

Scenario 1 – When CCE-01 goes down at DC

● Using the state sync between CCEs, CCE-02 will take over the active state automatically.

● Data sources will continue sending logs to CCE-02.

● CCE-02 will send parsed data to both APE and raw logs to LTS-1

● SOC team will continue accessing the APE-01 via FQDN

Scenario 2 – When APE-01 goes down at DC

● Using the state sync between APEs, APE-02 will take over the active state.

● Data sources will continue sending logs to CCE-01

● Active CCE will send parsed data to APE-02 and raw logs to LTS-1

● APE-02 will start to sync with the APE-03 at DR

● SOC team will continue accessing the APE-02 via FQDN

● Lucknow Safe City IT team will investigate and bring back APE-01

APE-01 will become passive APE