IBM Security Guardium

  • 1.  Identifying the initial node in a GDE 4.0.0.1 cluster

    Posted Thu May 16, 2024 11:36 AM

    Hi everyone,

    Hope you can enlighten me on this.

    We are planning to upgrade a GDE 4.0.0.1 DSM Cluster to 4.0.0.4 then from 4.0.0.4 to 4.0.0.9. This is for migrating to a GDE 5.1.0 (CTM).

    The documentation mentions that the upgrade should be done on the initial node. The steps are:

    1. Break the DSM Cluster
      1. Remove the fail-over nodes on the initial node
      2. Cleanup the HA configuration on the fail-over nodes
    2. Upgrade the initial node
    3. Upgrade the fail-over nodes
    4. Rebuild the cluster

    I am not the one who built the environment and the team members can't find the old records for this so I do not have any idea which the initial node is.

    My question is, how can I identify which is the initial node?

    On GDE 3.0, it is easier to check because you can only apply changes on the initial node and the fail-over nodes are in READ ONLY mode by default. However, from what I have observed in GDE 4.0, the fail-over nodes are no longer in READ ONLY.

    Are there indicators that I may have missed on the GUI?

    When I run ha >> show on the console, I get the list of nodes, but it seemed that it is only arranged alphabetically, with no indicators of which the initial node is.

    Thank you

    -Julius



    ------------------------------
    Julius Ballesteros
    ------------------------------


  • 2.  RE: Identifying the initial node in a GDE 4.0.0.1 cluster

    IBM Champion
    Posted Thu May 16, 2024 11:49 AM

    Hi @Julius Ballesteros,

    As mentioned in another thread, these instructions are for in-place upgrade which isn't offered. Going from 4x to 5x requires a re-host and migrate. No breaking of the DSM Cluster is necessary. You'll stand up new CTMs and migrate by way of taking a backup of DSM and importing into CTM. https://thalesdocs.com/ctp/cm/latest/get_started/dsm-migration/index.html

    To answer your question about how to tell which node is primary, you can go to 'High Availability Servers' in the DSM interface and view the HA Topology.



    ------------------------------
    Wendy Zemba
    Sr. Consultant, Data Protection
    wendy.zemba@convergetp.com
    Converge Technology Solutions

    Need help with your Guardium deployment? Contact me directly to discuss engagement opportunities. Currently serving North America.
    ------------------------------



  • 3.  RE: Identifying the initial node in a GDE 4.0.0.1 cluster

    Posted Fri May 17, 2024 12:30 AM
    Edited by Julius Ballesteros Fri May 17, 2024 07:22 AM

    Hello Wendy,

    Thank you for the reply.

    I already checked the HA Topology, but from the picture shown I can't really tell which is the initial node.

    Uploaded the file on this thread. It is only hostnames found under the black box.

    EDIT: I have created a test GDE 4 cluster. This time I made a change to the naming scheme so I would not be confused if the ha >> show command displays the list in alphabetical order.

    From what I have observed, the initial node always appears on top regardless. I ran the command on both initial and failover node.

    So I think the ha >> show command would always display node 1, or the initial node, on top.

    ------------------------------
    Julius Ballesteros
    ------------------------------



  • 4.  RE: Identifying the initial node in a GDE 4.0.0.1 cluster

    IBM Champion
    Posted Fri May 17, 2024 09:27 AM

    @Julius Ballesteros,

    The recommendation is also to have all your CTE agents pointing to the primary, so you could look at the HA Servers tab and select each one to determine where the CTE agents are attached. The main point is you don't need to break nodes to upgrade to v5.x because it's a re-host and migrate situation, but the primary node is the node that you'll want to back up and restore when you migrate. Once you are on v5.x, your upgrade method will be to break HA, so that will be an opportunity to identify the nodes better when you plan for your CTM deployment.



    ------------------------------
    Wendy Zemba
    Sr. Consultant, Data Protection
    wendy.zemba@convergetp.com
    Converge Technology Solutions

    ------------------------------