IBM Guardium

IBM Guardium

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

Guardium Central Manager - High Availability

  • 1.  Guardium Central Manager - High Availability

    Posted Wed September 09, 2020 01:06 AM
    hi,

    Can you tell me how to configure HA for Guardium Central Manager?
    How many ip's it needs and do we need any virutual IP to take Central manager once HA is configured?
    Please suggest and it is very urgent.

    Thanks,
    Panendar Rao.C

    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------


  • 2.  RE: Guardium Central Manager - High Availability

    Posted Wed September 09, 2020 03:55 AM

    Hi,
    You can promote CM backup (from UI - Central Manager app, from cli - grdapi backup_cm_set)

    Both appliances must be on this same patch level!

    Check documentation for more details.



    ------------------------------
    Zbigniew (Zibi) Szmigiero
    IBM
    Międzyrzecz
    ------------------------------

    Original Message


  • 3.  RE: Guardium Central Manager - High Availability

    Posted Tue September 15, 2020 04:35 AM
    hi,

    Thanks. Do we need virtual IP if we configure HA for Guardium Central manager?

    Thanks,
    Panendar Rao.C

    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------

    Original Message


  • 4.  RE: Guardium Central Manager - High Availability

    Posted Tue September 15, 2020 04:45 AM

    Nope, there is no VIP in this configuration

    CM backup synchronizes with CM primary in 30 minutes schedule.

    There is no automatic switch over between CM's

    Guardium admin must manually promote the CM backup as primary. For very large environment is it very long process.



    ------------------------------
    Zbigniew (Zibi) Szmigiero
    IBM
    Międzyrzecz
    ------------------------------

    Original Message


  • 5.  RE: Guardium Central Manager - High Availability

    Posted Wed September 16, 2020 05:31 AM
    Edited by PHANENDRA RAO CHAVANA Wed September 16, 2020 05:32 AM
    hi Zibi,

    Thank you so much for your help, I have one more query please find it below:


    I have installed two aggregators and converted to central manager(store unit type manager). When i try to register the second central manager to first one to add it as Backup CM - am getting this error(Unit returned: The requested operation is not allowed for the unit type - Unit unregister)

    Do we need to register the Aggregator and then try to make it as Backup CM?
    After making Aggregator as Backup CM, can we convert it to Central manager or else should we keep Backup CM as Aggregator?
    What is the time frequency between Primary CM and Backup CM for synchronizing automatically?


    Thanks,
    Panendar Rao.C

    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------

    Original Message


  • 6.  RE: Guardium Central Manager - High Availability

    Posted Wed September 16, 2020 06:14 AM
    Hi,

    Flow looks like that:
    - Setup primary CM
    - Register aggregator to primary CM
    - set assigned aggregator as CM backup

    ------------------------------
    Zbigniew (Zibi) Szmigiero
    IBM
    Międzyrzecz
    ------------------------------

    Original Message


  • 7.  RE: Guardium Central Manager - High Availability

    Posted Wed September 16, 2020 06:26 AM
    hi,

    So once we make aggregator as Backup CM, we need not make that Aggregator into Central Manager using(store unit type manger)?

    I have converted Aggregator into Central Manager before registering into Primary CM?
    Is there way to revert Central Manager to Aggregator?

    Thanks,
    Panendar Rao.C

    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------

    Original Message


  • 8.  RE: Guardium Central Manager - High Availability

    Posted Thu September 17, 2020 03:21 AM
    Hi,
    Maybe my answer was not clear:

    1. Install aggregator and set it ac CM using store unit type (it will be primary CM)
    2. Install second aggregator and join it to primary CM (using register command)
    3. From CM primary point the second aggregator as CM backup

    ------------------------------
    Zbigniew (Zibi) Szmigiero
    IBM
    Międzyrzecz
    ------------------------------

    Original Message


  • 9.  RE: Guardium Central Manager - High Availability

    Posted Thu September 17, 2020 03:23 AM
    To revert aggregator from CM function to standard one use command:
    store unit type standalone
    it should work

    ------------------------------
    Zbigniew (Zibi) Szmigiero
    IBM
    Międzyrzecz
    ------------------------------

    Original Message


  • 10.  RE: Guardium Central Manager - High Availability
    Best Answer

    Posted Mon September 21, 2020 01:01 AM
    Edited by PHANENDRA RAO CHAVANA Mon September 21, 2020 02:31 AM
    hi Zibi,

    We should use below command for converting in to standalone

    delete unit type manager

    Thanks,
    Panendar Rao.C

    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------

    Original Message


  • 11.  RE: Guardium Central Manager - High Availability

    Posted Mon January 24, 2022 10:01 AM
    please ,

    i have  2 sites  HQ && DR 
    I have  2 Collector  && 1 Agg/CM  in  HQ 
    I have  1 Collector &&  1 Agg/CM  in  DR
    what is best scenario for High Availability  &&  disaster recovery with these VMs or suggest recommended Archtecture ?? 
    thanks in advance


    ------------------------------
    kamal ghanem
    ------------------------------

    Original Message


Related Content