Hello experts,

Please when setting up secondary qradar for HA, what appliance type should i select as shown below:
1) Software install 
2) High Availability appliance

Where do I apply my HA activation key , is it on the primary or secondary?

Lastly when i setup HA between nodes, does my custom rules, log sources, offenses, assets, event and flow data get transferred (sync) from primary to secondary, or do i need to transfer some of these content using ContentManagement tool?

Thanks Experts, it is urgent!!

------------------------------
benjamin Nworah
------------------------------

Hello Benjamin,

Assuming you have a single all-in-one host, then the docs on implementing this should guide you. Not knowing your version and if this is virtualised or not, does make a difference. The basic install guide is here: IBM QRadar : Installation Guide - Chapter 2

Take a backup before you start.

You will need your license to support HA for this to complete and it should be on the primary console. If a pair of real hosts (you have not specified), you will also need both hosts to comply with the local network (or fibre) connectivity requirements for DRBD to do the file system synchronisation.

In essence, any HA setup is based on the secondary host (an HA appliance - type 500), being integrated to the primary.

Once the HA appliance is built, you will need to add it into the deployment to the first appliance in "System and License Management". There are HA options if you right click or select actions from the drop-down. If that goes normally, HA synchronisation starts after a reboot.

Depending on your setup, the systems then go into synchronisation. That can take a few hours or days, depending on the primary appliance size and your network speeds.

You can think of the two hosts in constant sync, so that whatever is on the primary host is on the secondary host. You should not need to do any manual work, but Apps do work differently and are not usually HA-aware, so caveat emptor if you have an App host.

Regards,

------------------------------
Darren H.
------------------------------

Original Message:
Sent: Mon January 25, 2021 12:13 PM
From: benjamin Nworah
Subject: HA option for the Secondary node

Hello experts,

Please when setting up secondary qradar for HA, what appliance type should i select as shown below:
1) Software install 
2) High Availability appliance

Where do I apply my HA activation key , is it on the primary or secondary?

Lastly when i setup HA between nodes, does my custom rules, log sources, offenses, assets, event and flow data get transferred (sync) from primary to secondary, or do i need to transfer some of these content using ContentManagement tool?

Thanks Experts, it is urgent!!

------------------------------
benjamin Nworah
------------------------------

Hello Daren,

Thank you for this important point.

But for the App host , i think i can only have one per high availability deployment. So in the event of fail over the App host should connect to the Secondary qradar using the VIP.? 

Correct me if i am wrong.

Regards,

------------------------------
benjamin Nworah
------------------------------

Original Message:
Sent: Mon January 25, 2021 01:02 PM
From: Darren H.
Subject: HA option for the Secondary node

Hello Benjamin,

Assuming you have a single all-in-one host, then the docs on implementing this should guide you. Not knowing your version and if this is virtualised or not, does make a difference. The basic install guide is here: IBM QRadar : Installation Guide - Chapter 2

Take a backup before you start.

You will need your license to support HA for this to complete and it should be on the primary console. If a pair of real hosts (you have not specified), you will also need both hosts to comply with the local network (or fibre) connectivity requirements for DRBD to do the file system synchronisation.

In essence, any HA setup is based on the secondary host (an HA appliance - type 500), being integrated to the primary.

Once the HA appliance is built, you will need to add it into the deployment to the first appliance in "System and License Management". There are HA options if you right click or select actions from the drop-down. If that goes normally, HA synchronisation starts after a reboot.

Depending on your setup, the systems then go into synchronisation. That can take a few hours or days, depending on the primary appliance size and your network speeds.

You can think of the two hosts in constant sync, so that whatever is on the primary host is on the secondary host. You should not need to do any manual work, but Apps do work differently and are not usually HA-aware, so caveat emptor if you have an App host.

Regards,

------------------------------
Darren H.

Original Message:
Sent: Mon January 25, 2021 12:13 PM
From: benjamin Nworah
Subject: HA option for the Secondary node

Hello experts,

Please when setting up secondary qradar for HA, what appliance type should i select as shown below:
1) Software install 
2) High Availability appliance

Where do I apply my HA activation key , is it on the primary or secondary?

Lastly when i setup HA between nodes, does my custom rules, log sources, offenses, assets, event and flow data get transferred (sync) from primary to secondary, or do i need to transfer some of these content using ContentManagement tool?

Thanks Experts, it is urgent!!

------------------------------
benjamin Nworah
------------------------------

Yes, App hosts are single hosts only and integrate to the VIP of the console.

The original response was presumed just about your (all-in-one) console, as an App host was not mentioned in the first post. Just about adding HA.

What is your current deployment, what is the target deployment and what versions are you using? This helps people to understand what you're trying to do.

------------------------------
Darren H.
------------------------------

Original Message:
Sent: Mon January 25, 2021 04:31 PM
From: benjamin Nworah
Subject: HA option for the Secondary node

Hello Daren,

Thank you for this important point.

But for the App host , i think i can only have one per high availability deployment. So in the event of fail over the App host should connect to the Secondary qradar using the VIP.? 

Correct me if i am wrong.

Regards,

------------------------------
benjamin Nworah

Original Message:
Sent: Mon January 25, 2021 01:02 PM
From: Darren H.
Subject: HA option for the Secondary node

Hello Benjamin,

Assuming you have a single all-in-one host, then the docs on implementing this should guide you. Not knowing your version and if this is virtualised or not, does make a difference. The basic install guide is here: IBM QRadar : Installation Guide - Chapter 2

Take a backup before you start.

You will need your license to support HA for this to complete and it should be on the primary console. If a pair of real hosts (you have not specified), you will also need both hosts to comply with the local network (or fibre) connectivity requirements for DRBD to do the file system synchronisation.

In essence, any HA setup is based on the secondary host (an HA appliance - type 500), being integrated to the primary.

Once the HA appliance is built, you will need to add it into the deployment to the first appliance in "System and License Management". There are HA options if you right click or select actions from the drop-down. If that goes normally, HA synchronisation starts after a reboot.

Depending on your setup, the systems then go into synchronisation. That can take a few hours or days, depending on the primary appliance size and your network speeds.

You can think of the two hosts in constant sync, so that whatever is on the primary host is on the secondary host. You should not need to do any manual work, but Apps do work differently and are not usually HA-aware, so caveat emptor if you have an App host.

Regards,

------------------------------
Darren H.

Original Message:
Sent: Mon January 25, 2021 12:13 PM
From: benjamin Nworah
Subject: HA option for the Secondary node

Hello experts,

Please when setting up secondary qradar for HA, what appliance type should i select as shown below:
1) Software install 
2) High Availability appliance

Where do I apply my HA activation key , is it on the primary or secondary?

Lastly when i setup HA between nodes, does my custom rules, log sources, offenses, assets, event and flow data get transferred (sync) from primary to secondary, or do i need to transfer some of these content using ContentManagement tool?

Thanks Experts, it is urgent!!

------------------------------
benjamin Nworah
------------------------------

Hello,

My primary site consists of Qradar All-in-one console (VM) and an App host (VM), but i want to set my secondary node (VM) at two different Data centers separated by 50km. 

Regards,

------------------------------
benjamin Nworah
------------------------------

Original Message:
Sent: Tue January 26, 2021 03:50 AM
From: Darren H.
Subject: HA option for the Secondary node

Yes, App hosts are single hosts only and integrate to the VIP of the console.

The original response was presumed just about your (all-in-one) console, as an App host was not mentioned in the first post. Just about adding HA.

What is your current deployment, what is the target deployment and what versions are you using? This helps people to understand what you're trying to do.

------------------------------
Darren H.

Original Message:
Sent: Mon January 25, 2021 04:31 PM
From: benjamin Nworah
Subject: HA option for the Secondary node

Hello Daren,

Thank you for this important point.

But for the App host , i think i can only have one per high availability deployment. So in the event of fail over the App host should connect to the Secondary qradar using the VIP.? 

Correct me if i am wrong.

Regards,

------------------------------
benjamin Nworah

Original Message:
Sent: Mon January 25, 2021 01:02 PM
From: Darren H.
Subject: HA option for the Secondary node

Hello Benjamin,

Assuming you have a single all-in-one host, then the docs on implementing this should guide you. Not knowing your version and if this is virtualised or not, does make a difference. The basic install guide is here: IBM QRadar : Installation Guide - Chapter 2

Take a backup before you start.

You will need your license to support HA for this to complete and it should be on the primary console. If a pair of real hosts (you have not specified), you will also need both hosts to comply with the local network (or fibre) connectivity requirements for DRBD to do the file system synchronisation.

In essence, any HA setup is based on the secondary host (an HA appliance - type 500), being integrated to the primary.

Once the HA appliance is built, you will need to add it into the deployment to the first appliance in "System and License Management". There are HA options if you right click or select actions from the drop-down. If that goes normally, HA synchronisation starts after a reboot.

Depending on your setup, the systems then go into synchronisation. That can take a few hours or days, depending on the primary appliance size and your network speeds.

You can think of the two hosts in constant sync, so that whatever is on the primary host is on the secondary host. You should not need to do any manual work, but Apps do work differently and are not usually HA-aware, so caveat emptor if you have an App host.

Regards,

------------------------------
Darren H.

Original Message:
Sent: Mon January 25, 2021 12:13 PM
From: benjamin Nworah
Subject: HA option for the Secondary node

Hello experts,

Please when setting up secondary qradar for HA, what appliance type should i select as shown below:
1) Software install 
2) High Availability appliance

Where do I apply my HA activation key , is it on the primary or secondary?

Lastly when i setup HA between nodes, does my custom rules, log sources, offenses, assets, event and flow data get transferred (sync) from primary to secondary, or do i need to transfer some of these content using ContentManagement tool?

Thanks Experts, it is urgent!!

------------------------------
benjamin Nworah
------------------------------

Hello Daren,

Version is 7.3.3 FP4 on primary, i will be using the same 7.3.3 as the secondary node.

------------------------------
benjamin Nworah
------------------------------

Original Message:
Sent: Tue January 26, 2021 04:01 AM
From: benjamin Nworah
Subject: HA option for the Secondary node

Hello,

My primary site consists of Qradar All-in-one console (VM) and an App host (VM), but i want to set my secondary node (VM) at two different Data centers separated by 50km. 

Regards,

------------------------------
benjamin Nworah

Original Message:
Sent: Tue January 26, 2021 03:50 AM
From: Darren H.
Subject: HA option for the Secondary node

Yes, App hosts are single hosts only and integrate to the VIP of the console.

The original response was presumed just about your (all-in-one) console, as an App host was not mentioned in the first post. Just about adding HA.

What is your current deployment, what is the target deployment and what versions are you using? This helps people to understand what you're trying to do.

------------------------------
Darren H.

Original Message:
Sent: Mon January 25, 2021 04:31 PM
From: benjamin Nworah
Subject: HA option for the Secondary node

Hello Daren,

Thank you for this important point.

But for the App host , i think i can only have one per high availability deployment. So in the event of fail over the App host should connect to the Secondary qradar using the VIP.? 

Correct me if i am wrong.

Regards,

------------------------------
benjamin Nworah

Original Message:
Sent: Mon January 25, 2021 01:02 PM
From: Darren H.
Subject: HA option for the Secondary node

Hello Benjamin,

Assuming you have a single all-in-one host, then the docs on implementing this should guide you. Not knowing your version and if this is virtualised or not, does make a difference. The basic install guide is here: IBM QRadar : Installation Guide - Chapter 2

Take a backup before you start.

You will need your license to support HA for this to complete and it should be on the primary console. If a pair of real hosts (you have not specified), you will also need both hosts to comply with the local network (or fibre) connectivity requirements for DRBD to do the file system synchronisation.

In essence, any HA setup is based on the secondary host (an HA appliance - type 500), being integrated to the primary.

Once the HA appliance is built, you will need to add it into the deployment to the first appliance in "System and License Management". There are HA options if you right click or select actions from the drop-down. If that goes normally, HA synchronisation starts after a reboot.

Depending on your setup, the systems then go into synchronisation. That can take a few hours or days, depending on the primary appliance size and your network speeds.

You can think of the two hosts in constant sync, so that whatever is on the primary host is on the secondary host. You should not need to do any manual work, but Apps do work differently and are not usually HA-aware, so caveat emptor if you have an App host.

Regards,

------------------------------
Darren H.

Original Message:
Sent: Mon January 25, 2021 12:13 PM
From: benjamin Nworah
Subject: HA option for the Secondary node

Hello experts,

Please when setting up secondary qradar for HA, what appliance type should i select as shown below:
1) Software install 
2) High Availability appliance

Where do I apply my HA activation key , is it on the primary or secondary?

Lastly when i setup HA between nodes, does my custom rules, log sources, offenses, assets, event and flow data get transferred (sync) from primary to secondary, or do i need to transfer some of these content using ContentManagement tool?

Thanks Experts, it is urgent!!

------------------------------
benjamin Nworah
------------------------------

Thanks for the extra info.

Knowing what you want to do, have you read the documentation about what modes of operation are supported for HA?

As said at the start, HA uses OS-level disk replication (DRBD). This will fail if you do not have ~2ms RTT for the networking (or fibre) connection.

50km is too far away for the laws of physics to give the performance you are looking for. Although if you want to do it anyway, just do not expect any support from IBM and expect the HA and replication to fail.

If distances is the key driver, I would recommend having a rethink about going to 7.4.1 and use the DR app - which also requires the data synchronisation app and license.


------------------------------
Darren H.
------------------------------

Original Message:
Sent: Tue January 26, 2021 04:04 AM
From: benjamin Nworah
Subject: HA option for the Secondary node

Hello Daren,

Version is 7.3.3 FP4 on primary, i will be using the same 7.3.3 as the secondary node.

------------------------------
benjamin Nworah

Original Message:
Sent: Tue January 26, 2021 04:01 AM
From: benjamin Nworah
Subject: HA option for the Secondary node

Hello,

My primary site consists of Qradar All-in-one console (VM) and an App host (VM), but i want to set my secondary node (VM) at two different Data centers separated by 50km. 

Regards,

------------------------------
benjamin Nworah

Original Message:
Sent: Tue January 26, 2021 03:50 AM
From: Darren H.
Subject: HA option for the Secondary node

Yes, App hosts are single hosts only and integrate to the VIP of the console.

The original response was presumed just about your (all-in-one) console, as an App host was not mentioned in the first post. Just about adding HA.

What is your current deployment, what is the target deployment and what versions are you using? This helps people to understand what you're trying to do.

------------------------------
Darren H.

Original Message:
Sent: Mon January 25, 2021 04:31 PM
From: benjamin Nworah
Subject: HA option for the Secondary node

Hello Daren,

Thank you for this important point.

But for the App host , i think i can only have one per high availability deployment. So in the event of fail over the App host should connect to the Secondary qradar using the VIP.? 

Correct me if i am wrong.

Regards,

------------------------------
benjamin Nworah

Original Message:
Sent: Mon January 25, 2021 01:02 PM
From: Darren H.
Subject: HA option for the Secondary node

Hello Benjamin,

Assuming you have a single all-in-one host, then the docs on implementing this should guide you. Not knowing your version and if this is virtualised or not, does make a difference. The basic install guide is here: IBM QRadar : Installation Guide - Chapter 2

Take a backup before you start.

You will need your license to support HA for this to complete and it should be on the primary console. If a pair of real hosts (you have not specified), you will also need both hosts to comply with the local network (or fibre) connectivity requirements for DRBD to do the file system synchronisation.

In essence, any HA setup is based on the secondary host (an HA appliance - type 500), being integrated to the primary.

Once the HA appliance is built, you will need to add it into the deployment to the first appliance in "System and License Management". There are HA options if you right click or select actions from the drop-down. If that goes normally, HA synchronisation starts after a reboot.

Depending on your setup, the systems then go into synchronisation. That can take a few hours or days, depending on the primary appliance size and your network speeds.

You can think of the two hosts in constant sync, so that whatever is on the primary host is on the secondary host. You should not need to do any manual work, but Apps do work differently and are not usually HA-aware, so caveat emptor if you have an App host.

Regards,

------------------------------
Darren H.

Original Message:
Sent: Mon January 25, 2021 12:13 PM
From: benjamin Nworah
Subject: HA option for the Secondary node

Hello experts,

Please when setting up secondary qradar for HA, what appliance type should i select as shown below:
1) Software install 
2) High Availability appliance

Where do I apply my HA activation key , is it on the primary or secondary?

Lastly when i setup HA between nodes, does my custom rules, log sources, offenses, assets, event and flow data get transferred (sync) from primary to secondary, or do i need to transfer some of these content using ContentManagement tool?

Thanks Experts, it is urgent!!

------------------------------
benjamin Nworah
------------------------------

Hello Daren,

I have explained this to the client that HA fail over won't be feasible for such a distance, and they insisted we implement it.

I have informed them about data sync offering, but they are not ready for another license cost.

Regards,

------------------------------
benjamin Nworah
------------------------------

Original Message:
Sent: Tue January 26, 2021 04:16 AM
From: Darren H.
Subject: HA option for the Secondary node

Thanks for the extra info.

Knowing what you want to do, have you read the documentation about what modes of operation are supported for HA?

As said at the start, HA uses OS-level disk replication (DRBD). This will fail if you do not have ~2ms RTT for the networking (or fibre) connection.

50km is too far away for the laws of physics to give the performance you are looking for. Although if you want to do it anyway, just do not expect any support from IBM and expect the HA and replication to fail.

If distances is the key driver, I would recommend having a rethink about going to 7.4.1 and use the DR app - which also requires the data synchronisation app and license.


------------------------------
Darren H.

Original Message:
Sent: Tue January 26, 2021 04:04 AM
From: benjamin Nworah
Subject: HA option for the Secondary node

Hello Daren,

Version is 7.3.3 FP4 on primary, i will be using the same 7.3.3 as the secondary node.

------------------------------
benjamin Nworah

Original Message:
Sent: Tue January 26, 2021 04:01 AM
From: benjamin Nworah
Subject: HA option for the Secondary node

Hello,

My primary site consists of Qradar All-in-one console (VM) and an App host (VM), but i want to set my secondary node (VM) at two different Data centers separated by 50km. 

Regards,

------------------------------
benjamin Nworah

Original Message:
Sent: Tue January 26, 2021 03:50 AM
From: Darren H.
Subject: HA option for the Secondary node

Yes, App hosts are single hosts only and integrate to the VIP of the console.

The original response was presumed just about your (all-in-one) console, as an App host was not mentioned in the first post. Just about adding HA.

What is your current deployment, what is the target deployment and what versions are you using? This helps people to understand what you're trying to do.

------------------------------
Darren H.

Original Message:
Sent: Mon January 25, 2021 04:31 PM
From: benjamin Nworah
Subject: HA option for the Secondary node

Hello Daren,

Thank you for this important point.

But for the App host , i think i can only have one per high availability deployment. So in the event of fail over the App host should connect to the Secondary qradar using the VIP.? 

Correct me if i am wrong.

Regards,

------------------------------
benjamin Nworah

Original Message:
Sent: Mon January 25, 2021 01:02 PM
From: Darren H.
Subject: HA option for the Secondary node

Hello Benjamin,

Assuming you have a single all-in-one host, then the docs on implementing this should guide you. Not knowing your version and if this is virtualised or not, does make a difference. The basic install guide is here: IBM QRadar : Installation Guide - Chapter 2

Take a backup before you start.

You will need your license to support HA for this to complete and it should be on the primary console. If a pair of real hosts (you have not specified), you will also need both hosts to comply with the local network (or fibre) connectivity requirements for DRBD to do the file system synchronisation.

In essence, any HA setup is based on the secondary host (an HA appliance - type 500), being integrated to the primary.

Once the HA appliance is built, you will need to add it into the deployment to the first appliance in "System and License Management". There are HA options if you right click or select actions from the drop-down. If that goes normally, HA synchronisation starts after a reboot.

Depending on your setup, the systems then go into synchronisation. That can take a few hours or days, depending on the primary appliance size and your network speeds.

You can think of the two hosts in constant sync, so that whatever is on the primary host is on the secondary host. You should not need to do any manual work, but Apps do work differently and are not usually HA-aware, so caveat emptor if you have an App host.

Regards,

------------------------------
Darren H.

Original Message:
Sent: Mon January 25, 2021 12:13 PM
From: benjamin Nworah
Subject: HA option for the Secondary node

Hello experts,

Please when setting up secondary qradar for HA, what appliance type should i select as shown below:
1) Software install 
2) High Availability appliance

Where do I apply my HA activation key , is it on the primary or secondary?

Lastly when i setup HA between nodes, does my custom rules, log sources, offenses, assets, event and flow data get transferred (sync) from primary to secondary, or do i need to transfer some of these content using ContentManagement tool?

Thanks Experts, it is urgent!!

------------------------------
benjamin Nworah
------------------------------

Hello Daren,

Please can you assist with the below:

I have taken a backup of my events records (including payloads) from /store/ariel/events/records/ and /store/ariel/events/payloads/, i want to upgrade my qradar from 7.3.3 to 7.4.2, can I restore the backup events records to this upgraded version (7.4.2) and still view my events on the log activity tab without any issues?

Please i await your response.

Best Regards,

------------------------------
benjamin Nworah
------------------------------

Original Message:
Sent: Tue January 26, 2021 05:06 AM
From: benjamin Nworah
Subject: HA option for the Secondary node

Hello Daren,

I have explained this to the client that HA fail over won't be feasible for such a distance, and they insisted we implement it.

I have informed them about data sync offering, but they are not ready for another license cost.

Regards,

------------------------------
benjamin Nworah

Original Message:
Sent: Tue January 26, 2021 04:16 AM
From: Darren H.
Subject: HA option for the Secondary node

Thanks for the extra info.

Knowing what you want to do, have you read the documentation about what modes of operation are supported for HA?

As said at the start, HA uses OS-level disk replication (DRBD). This will fail if you do not have ~2ms RTT for the networking (or fibre) connection.

50km is too far away for the laws of physics to give the performance you are looking for. Although if you want to do it anyway, just do not expect any support from IBM and expect the HA and replication to fail.

If distances is the key driver, I would recommend having a rethink about going to 7.4.1 and use the DR app - which also requires the data synchronisation app and license.


------------------------------
Darren H.

Original Message:
Sent: Tue January 26, 2021 04:04 AM
From: benjamin Nworah
Subject: HA option for the Secondary node

Hello Daren,

Version is 7.3.3 FP4 on primary, i will be using the same 7.3.3 as the secondary node.

------------------------------
benjamin Nworah

Original Message:
Sent: Tue January 26, 2021 04:01 AM
From: benjamin Nworah
Subject: HA option for the Secondary node

Hello,

My primary site consists of Qradar All-in-one console (VM) and an App host (VM), but i want to set my secondary node (VM) at two different Data centers separated by 50km. 

Regards,

------------------------------
benjamin Nworah

Original Message:
Sent: Tue January 26, 2021 03:50 AM
From: Darren H.
Subject: HA option for the Secondary node

Yes, App hosts are single hosts only and integrate to the VIP of the console.

The original response was presumed just about your (all-in-one) console, as an App host was not mentioned in the first post. Just about adding HA.

What is your current deployment, what is the target deployment and what versions are you using? This helps people to understand what you're trying to do.

------------------------------
Darren H.

Original Message:
Sent: Mon January 25, 2021 04:31 PM
From: benjamin Nworah
Subject: HA option for the Secondary node

Hello Daren,

Thank you for this important point.

But for the App host , i think i can only have one per high availability deployment. So in the event of fail over the App host should connect to the Secondary qradar using the VIP.? 

Correct me if i am wrong.

Regards,

------------------------------
benjamin Nworah

Original Message:
Sent: Mon January 25, 2021 01:02 PM
From: Darren H.
Subject: HA option for the Secondary node

Hello Benjamin,

Assuming you have a single all-in-one host, then the docs on implementing this should guide you. Not knowing your version and if this is virtualised or not, does make a difference. The basic install guide is here: IBM QRadar : Installation Guide - Chapter 2

Take a backup before you start.

You will need your license to support HA for this to complete and it should be on the primary console. If a pair of real hosts (you have not specified), you will also need both hosts to comply with the local network (or fibre) connectivity requirements for DRBD to do the file system synchronisation.

In essence, any HA setup is based on the secondary host (an HA appliance - type 500), being integrated to the primary.

Once the HA appliance is built, you will need to add it into the deployment to the first appliance in "System and License Management". There are HA options if you right click or select actions from the drop-down. If that goes normally, HA synchronisation starts after a reboot.

Depending on your setup, the systems then go into synchronisation. That can take a few hours or days, depending on the primary appliance size and your network speeds.

You can think of the two hosts in constant sync, so that whatever is on the primary host is on the secondary host. You should not need to do any manual work, but Apps do work differently and are not usually HA-aware, so caveat emptor if you have an App host.

Regards,

------------------------------
Darren H.

Original Message:
Sent: Mon January 25, 2021 12:13 PM
From: benjamin Nworah
Subject: HA option for the Secondary node

Hello experts,

Please when setting up secondary qradar for HA, what appliance type should i select as shown below:
1) Software install 
2) High Availability appliance

Where do I apply my HA activation key , is it on the primary or secondary?

Lastly when i setup HA between nodes, does my custom rules, log sources, offenses, assets, event and flow data get transferred (sync) from primary to secondary, or do i need to transfer some of these content using ContentManagement tool?

Thanks Experts, it is urgent!!

------------------------------
benjamin Nworah
------------------------------