Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

HA Setup and it’s functioning

Owned by Customer Success & Engineering (Unlicensed)
Last updated: Jun 01, 2023
2 min read

Overview

Show HA setup and their Synchronization.

Pre-requisite

2 CCE (192.168.2.x) servers to be configured at DC in active-passive mode.

In DC, APE-01 (192.168.1.x1) and APE-02 (192.168.1.x2) will be configured in HA mode using an active-passive combination.

A Dedicated 10G Ethernet interface will exist between APE-01 and APE-02.

LTS (LTS-1 – 192.168.3.x) server will be configured in DC.

Devices under test will be sending flows and logs to one of the DC CCE.

Once a day, the DC data will be synchronized with the DR.

Test Procedure

(In the above diagram ignore the DCDR network on the right side)

1-   Setup HA APEs and check to make sure both are getting the logs and flows on the dashboard as well as on data ingest i.e., system dashboard.

2-   In the Test Conditions sections above IP addresses are mentioned for all servers.

3-   Please note that the actual IP addresses may be different during test

 Case I- when cce 1 and 2 are active, ape 1 and 2 are active.  (This is step 1 above)

Cce-1 – main, ape 1 – main , ape-2 backup

Demonstrate – console (ape 1 or 2 ) https:x.y.z.a

Run for 15 min

 Case II – cce 1 down , repeat the steps above

 Case III- cce 1 up, ape 1 down , above steps

 Case Iv- cce 1 down , ape 1 down , steps

last 1 hours report / performance dashobaord

Scenario 1 – When CCE-01 goes down at DC

●     Using the state sync between CCEs, CCE-02 will take over the active state automatically.

●     Data sources will continue sending logs to CCE-02.

●     CCE-02 will send parsed data to both APE and raw logs to LTS-1

●     SOC team will continue accessing the APE-01 via FQDN

Scenario 2 – When APE-01 goes down at DC

●     Using the state sync between APEs, APE-02 will take over the active state.

●     Data sources will continue sending logs to CCE-01

●     Active CCE will send parsed data to APE-02 and raw logs to LTS-1

●     APE-02 will start to sync with the APE-03 at DR

●     SOC team will continue accessing the APE-02 via FQDN

●     Lucknow Safe City IT team will investigate and bring back APE-01

APE-01 will become passive APE

Expected Output

1-   Both APEs should have the similar data sets on the performance dashboard before the test scenarios are executed.

2-   At the end of Scenario-1, verify that the active APE is accessible.

3-   Verify that the performance dashboard shows data over the last few minutes.

4-   At the end of Scenario-2, verify that the newly active APE is accessible

5- Verify that the performance dashboard shows data over the last few minutes.

 

 

 

 

 

Seceon Inc. All rights reserved. https://www.seceon.com