IBM Security Guardium

Expand all | Collapse all

Guardium Central Manager - High Availability

Jump to Best Answer
  • 1.  Guardium Central Manager - High Availability

    Posted 21 days ago
    hi,

    Can you tell me how to configure HA for Guardium Central Manager?
    How many ip's it needs and do we need any virutual IP to take Central manager once HA is configured?
    Please suggest and it is very urgent.

    Thanks,
    Panendar Rao.C

    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------


  • 2.  RE: Guardium Central Manager - High Availability

    Posted 21 days ago

    Hi,
    You can promote CM backup (from UI - Central Manager app, from cli - grdapi backup_cm_set)

    Both appliances must be on this same patch level!

    Check documentation for more details.



    ------------------------------
    Zbigniew (Zibi) Szmigiero
    IBM
    Międzyrzecz
    ------------------------------



  • 3.  RE: Guardium Central Manager - High Availability

    Posted 15 days ago
    hi,

    Thanks. Do we need virtual IP if we configure HA for Guardium Central manager?

    Thanks,
    Panendar Rao.C

    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------



  • 4.  RE: Guardium Central Manager - High Availability

    Posted 15 days ago

    Nope, there is no VIP in this configuration

    CM backup synchronizes with CM primary in 30 minutes schedule.

    There is no automatic switch over between CM's

    Guardium admin must manually promote the CM backup as primary. For very large environment is it very long process.



    ------------------------------
    Zbigniew (Zibi) Szmigiero
    IBM
    Międzyrzecz
    ------------------------------



  • 5.  RE: Guardium Central Manager - High Availability

    Posted 14 days ago
    Edited by PHANENDRA RAO CHAVANA 14 days ago
    hi Zibi,

    Thank you so much for your help, I have one more query please find it below:


    I have installed two aggregators and converted to central manager(store unit type manager). When i try to register the second central manager to first one to add it as Backup CM - am getting this error(Unit returned: The requested operation is not allowed for the unit type - Unit unregister)

    Do we need to register the Aggregator and then try to make it as Backup CM?
    After making Aggregator as Backup CM, can we convert it to Central manager or else should we keep Backup CM as Aggregator?
    What is the time frequency between Primary CM and Backup CM for synchronizing automatically?


    Thanks,
    Panendar Rao.C

    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------



  • 6.  RE: Guardium Central Manager - High Availability

    Posted 14 days ago
    Hi,

    Flow looks like that:
    - Setup primary CM
    - Register aggregator to primary CM
    - set assigned aggregator as CM backup

    ------------------------------
    Zbigniew (Zibi) Szmigiero
    IBM
    Międzyrzecz
    ------------------------------



  • 7.  RE: Guardium Central Manager - High Availability

    Posted 14 days ago
    hi,

    So once we make aggregator as Backup CM, we need not make that Aggregator into Central Manager using(store unit type manger)?

    I have converted Aggregator into Central Manager before registering into Primary CM?
    Is there way to revert Central Manager to Aggregator?

    Thanks,
    Panendar Rao.C

    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------



  • 8.  RE: Guardium Central Manager - High Availability

    Posted 13 days ago
    Hi,
    Maybe my answer was not clear:

    1. Install aggregator and set it ac CM using store unit type (it will be primary CM)
    2. Install second aggregator and join it to primary CM (using register command)
    3. From CM primary point the second aggregator as CM backup

    ------------------------------
    Zbigniew (Zibi) Szmigiero
    IBM
    Międzyrzecz
    ------------------------------



  • 9.  RE: Guardium Central Manager - High Availability

    Posted 13 days ago
    To revert aggregator from CM function to standard one use command:
    store unit type standalone
    it should work

    ------------------------------
    Zbigniew (Zibi) Szmigiero
    IBM
    Międzyrzecz
    ------------------------------



  • 10.  RE: Guardium Central Manager - High Availability
    Best Answer

    Posted 9 days ago
    Edited by PHANENDRA RAO CHAVANA 9 days ago
    hi Zibi,

    We should use below command for converting in to standalone

    delete unit type manager

    Thanks,
    Panendar Rao.C

    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------