IBM Security QRadar

Console-Only Disaster Recovery now via the DS App

By Shivam Sharma posted 5 days ago

  

Why do we need a DR Solution?

In the rapidly evolving tech landscape, having smooth disaster recovery processes isn't just essential—it's a strategic edge. Besides providing assurance, robust disaster recovery capabilities are crucial for meeting audit checks, compliance requirements, and real-time demands, ensuring your business remains resilient and competitive in any situation.

Performing disaster recovery manually brings countless challenges, ranging from data entry errors to delays in execution, and each manual input increases the risk of disruptions and typing errors. Another challenge we identified is the 1:1 mapping solution, which required clients to maintain infrastructure at the DR site identical to that of the main site, leading to high costs on both the hardware and maintenance fronts. This was solved with an automated Console-Only DR script, which removed the need to execute steps manually and in turn reduced the chance of manual error.

What's new? Two birds with one stone!

Great, so we have an automated script that does the work for us and is the perfect solution. However, there was still a bird, or rather two, that our stone did not manage to hit. The Console-Only DR solution via automated script can still present challenges such as a lack of flexibility for unique or unexpected scenarios and a dependency on accurate input data. The other bird we wanted to address is the user-friendly experience that was still lacking in this solution. To address these two pain points, here's what we came up with:

Empowering administrators to formulate the Disaster Recovery plan by deploying the console-only at the DR site, resulting in a significant reduction in infrastructure costs, and executing all operations through an intuitive user interface on the DS App.

You can look at the following benefits that our users will enjoy with this update: 

  • Achieve DR without the need to fail over each MH (Managed Host), reducing technical complexity and cost
  • Minimise the need to execute multiple error-prone console commands, and ensure that all steps are performed through a user-friendly interface
  • Help customers meet compliance requirements with significantly reduced costs and maintenance efforts at the disaster recovery site
  • Simple installation/upgrade from the IBM Security App Exchange

Architecture and Requirements

Environment:
  • The application requires the DR site console to be a mirrored version of the QRadar main site console.
  • High Availability (HA) for the console is required. You can have the main console in HA and the destination console non-HA.
  • Network access from the main console to the MHs and from the DR console to the MHs.
  • QRadar version upwards from UP9

Environment type (hardware/virtual/cloud)

The main site can consist entirely of on-prem hardware while the destination is virtual or in the cloud (AWS, Azure, etc.), and vice versa.

The figure below shows the high-level architecture for the DR activities via the DS App during the initial setup and after failover. Note that the DC - QRadar Console goes into standby mode after failover and the DR - QRadar Console becomes active, which then takes control of the managed hosts.

Figure 1: Diagram which depicts the architecture for console-only DR solution

Frequently Asked Questions:

Can we have any Managed Host on the DR site?

No. Since this is a Console-Only DR solution, the DR site must have only a console, and its specification should be identical to that of the main site console.

Can the DS App be used with a combination of cloud and on-prem setups?

Yes, it can work with some configuration, such as opening the proper port and creating an SSH connection between the on-prem and cloud consoles.

Will this work for a deployment that has HA on the main site?

Yes, this will work even when the main site has HA, but when it is executed it will automatically deactivate HA on the main site and then the process continues.

What will be the status of an offense when restored at the DR site?

All offenses will be in the closed state.

Where are the specific application logs located?

Issues with the Data Sync App can be traced in /store/docker/volumes/qapp-<app_id>/log/app.log, and QRadar issues can be traced in /var/log/qradar.log.

Do I need to buy another license for Console-Only-DR if I have QRadar Suite entitlement?

No, if the QRadar Suite entitlement has been bought, Console-Only DR is already included as part of the entitlement.

What are you waiting for?

Try out the functionality via the Data Synchronization App now! Read the official documentation for console-only DR.
