IBM QRadar

  • 1.  Storage requirement for Secondary qradar (HA implementation)

    Posted Mon December 21, 2020 10:50 AM

    Hello Experts,

    How do I know the allocated disk space from QRadar? When I run "df -h" I see a lot of partitions, as attached.

    What storage requirement should I consider, looking at the attachment? Also see the statement below from qradar_ha_guide: how do I set the /store on my secondary to be equal to or larger than the one on the primary node?

    ***** Partition requirements for /store
    The combined size of the /store and /transient partitions on the secondary host must be equal to or
    larger than the /store partition on the primary host.
    For example, do not pair a primary host that uses a 4 TB /store partition to a secondary host that has a 2
    TB /store partition and a 1 TB /transient partition.
    Storage requirements
    Follow these storage requirements when you replace an appliance:
    • Ensure that the replacement appliance includes storage capacity that is equal to or greater than the
    original hardware you replace, and be at least 130 gigabytes (GB).
    • Secondary replacement appliances can have larger storage capacity than the primary appliance. If so,
    partitions on the secondary are resized to match the storage capacity on the primary appliance when
    you configure the HA pair.
    • Primary replacement appliances can have larger storage capacity than the secondary appliance. If so,
    partitions on the primary are resized to match the storage capacity on the secondary appliance when
    you configure the HA pair.
    • If you replace both primary and secondary appliances, then the system resizes the storage partition
    that is based on the appliance with the smallest capacity ********

    Please, experts, I await your response. It is urgent. Thank you.



    ------------------------------
    benjamin Nworah
    ------------------------------


  • 2.  RE: Storage requirement for Secondary qradar (HA implementation)

    Posted Tue December 22, 2020 02:00 AM

    Hello Benjamin,

    I guess you are talking about virtual machines. Otherwise, if you are talking about physical QRadar appliances, you shouldn't worry about this topic since you must have two identical appliances to create an HA cluster.

    If you are talking about VMs, you should consider that the needed total space on the secondary node is equal to or greater than the primary disk space.

    Let me try to explain with two samples:

    1) VMs with only one disk, size 1TB -> Install the secondary as HA secondary node and let the installation procedure do its job

    2) VMs with two disks each: Primary 300GB + 4TB, Secondary 300GB+6TB -> Install the secondary as HA secondary node and let the installation procedure do its job.

    To recap: you need to verify that on the secondary node you have at least the same disk size as the primary, then let the installation procedure do its job.

    To see the primary's disk sizes, I would suggest using the following on that host:

    # lsblk -d

    Hope this helps,

    Mario



    ------------------------------
    Mario Sebastiani
    ------------------------------
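
As an added example (not part of any post in this thread, and not IBM tooling), the /store rule quoted from the HA guide in post 1 can be checked before pairing by comparing `df -Pk` output captured on each host. The function names, device names and sample captures below are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: checks the /store rule quoted from the HA guide in post 1:
#   secondary (/store + /transient) >= primary /store
# Each argument is the text of `df -Pk` captured on one host
# (-P: one line per filesystem, -k: sizes in 1 KiB blocks).

# Print the size in KiB of the filesystem mounted at $2, or 0 if absent.
mount_kib() {
    local fs blocks used avail pct mnt size=0
    while read -r fs blocks used avail pct mnt; do
        if [ "$mnt" = "$2" ]; then size=$blocks; fi
    done <<EOF
$1
EOF
    echo "$size"
}

# 0 = rule satisfied, 1 = secondary too small, 2 = primary has no /store.
ha_store_check() {
    local p_store s_total
    p_store=$(mount_kib "$1" /store)
    s_total=$(( $(mount_kib "$2" /store) + $(mount_kib "$2" /transient) ))
    if [ "$p_store" -eq 0 ]; then
        echo "primary capture has no /store filesystem" >&2
        return 2
    fi
    echo "primary /store: ${p_store} KiB, secondary /store+/transient: ${s_total} KiB"
    [ "$s_total" -ge "$p_store" ]
}

# Constructed captures (device names and sizes are made up). The first pair is
# the guide's counter-example: 4 TB primary vs 2 TB + 1 TB secondary.
HDR='Filesystem 1024-blocks Used Available Capacity Mounted on'
PRIMARY_DF="$HDR
/dev/sdb1 4294967296 1048576 4293918720 1% /store"
SECONDARY_SMALL_DF="$HDR
/dev/sdb1 2147483648 1048576 2146435072 1% /store
/dev/sdb2 1073741824 1048576 1072693248 1% /transient"
SECONDARY_OK_DF="$HDR
/dev/sdb1 4294967296 1048576 4293918720 1% /store
/dev/sdb2 1073741824 1048576 1072693248 1% /transient"

for sec in "$SECONDARY_SMALL_DF" "$SECONDARY_OK_DF"; do
    if ha_store_check "$PRIMARY_DF" "$sec"; then echo "OK"; else echo "NOT OK"; fi
done
```

The check compares filesystem sizes as the guide states the rule; `lsblk -d`, suggested above, reports whole-disk sizes instead.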



  • 3.  RE: Storage requirement for Secondary qradar (HA implementation)

    Posted Tue December 22, 2020 03:09 AM

    Hi Benjamin,

    Mario is right; normally you do an Appliance Install for VMware and Hyper-V VMs during the installation. The installation type "Software" is only intended for the case when you use unsupported hardware, i.e. your own hardware or other hypervisors.

    With the Appliance Install, QRadar takes care of the partitioning. 

    However, you do not need HA on virtual machines! HA only covers hardware failures; if the QRadar software has a failure, this is usually not covered by HA.

    The only reason I can think of to set up an HA cluster on VMs is to test something.

    Was this the answer you were looking for?



    ------------------------------
    Kind regards
    Oliver
    ------------------------------