We were talking about a standard failover cluster with shared storage, so that would be a single LUN on the FC-attached SAN storage where /store partition would be mounted and in case a failure of the primary (active) host occurs the secondary (passive) host would take over and automatically mount the /store partition on the FC-attached LUN. (see
Offboard storage requirements for HA). *In the
Offboard storage guide that was referenced above in the section dedicated to moving /store to FC you can also find this sentence "
To use multipath Fibre Channel storage in a high-availability (HA) environment, you must configure the primary HA host and the secondary HA host to use the same storage partition.")
Now, for any solution to be supported you need to work with your IBM architect.
That said, it is not possible for me to resolve this is this way (I do not know all the components you have or particularities of the systems you have). I can only give few comments :
- I heard few years ago a comment from someone who was close to development in a similar matter, and the message was that if shared storage must be used then you should enable access to this secondary volume outside of VMware (so either by SCSI connectivity or dedicated/emulated FC controller). This is generally in line with what RedHat says for cluster shared storage config in
support for RHEL HA cluster with VM members).
- When using ext. SAN storage then you need to count-in also multipathing; I recall some time ago (in non-QRadar implementation) that the multipath config we could use within VMware differed from what the storage vendor supported - which created problems in device mapping
- Wondering what's the case behind using two QRadar VMs on a single host for HA ?
- In your case I would probably go back to the beginning and follow step steps from the guide for FC storage attachment and moving the /store to ext. LUN; also, I think consulting RedHat documentation regarding HA clustering and ext. storage could help.
------------------------------
Dusan VIDOVIC
------------------------------
Original Message:
Sent: Fri September 23, 2022 07:28 AM
From: Jaswinder Singh
Subject: EXTERNAL STORAGE
Hi
@Dusan VIDOVIC,
Based on your response.
we wanted to know whether above scenario is possible with single shared storage between two VM's on Separate physical host using Fibre Channel with SAN Storage.
do we need 30 TB shared storage single storage attached with both Physical Server or 2x30 TB storage? 30 TB with Server 1 and another 30 TB with server 2
we are also using VMware ESXi where we are using below settings
Virtual Machine - 1(Physical Server - 1)HDD1Type : Thin Provisioned
Disk File : QRadar_VM1_1.vmdk
Shares : Normal
Limit - IOPs : Unlimited
Controller location : SCSI Controller 1
Disk mode : Dependent
HDD2 (Shared /store by Raw Disk Mapping)Disk File : QRadar_VM1_2.vmdk
Controller location : SCSI Controller 1
Disk Mode : Independent - persistent
Disk compatibility : Physical
Virtual Machine - 2 (Physical Server - 2)HDD1Type : Thin Provisioned
Disk File : QRadar_VM2_1.vmdk
Shares : Normal
Limit - IOPs : Unlimited
Controller location : SCSI Controller 1
Disk mode : Dependent
HDD2 (Shared /store by Raw Disk Mapping)Disk File : QRadar_VM1_2.vmdk
Controller location : SCSI Controller 1
Disk Mode : Independent - persistent
Disk compatibility : Physical
Output to validate FC [root@QRTEST01 ~]# ls -l /dev/disk/by-path/*-fc-*
ls: cannot access /dev/disk/by-path/*-fc-*: No such file or directory
[root@QRTEST01 ~]#
Additionally can we do this on single Physical server with shared storage?
below issue happened when we was using 2 VM on same Physical host.
i followed all steps from the storage offboard Guide but after adding Both host to HA. Primary and Secondary QRadar machine shows offline state.
[root@QRTEST01-primary ~]# /opt/qradar/ha/bin/ha cstate
Local: R:PRIMARY
S:OFFLINE/SYNCHRONIZING CS:NONE P:1.0 HBC:UP RTT:1 I:0 SI:3527750
Remote: R:SECONDARY
S:OFFLINE/INSTALL CS:NONE P:0.0 HBC:UP RTT:1 I:12921 SI:32721246
Please Help how this issue can be resolve
------------------------------
Jaswinder Singh
Original Message:
Sent: Tue September 17, 2019 05:48 AM
From: Dusan VIDOVIC
Subject: EXTERNAL STORAGE
I am not sure at which point you encountered the problem - on QRadar or on vSphere's RDM ?
As mentioned, QRadar can be implemented in HA config either using shared SAN storage (FC, iSCSI) or DRBD ("Distributed Replicated Block Device"). If distance, connection and data volume allows it, it is probably best to opt for DRBD when vSphere is used (as you would avoid potential obstacles on the storage side through vSphere stack). That said, if you go with shared storage and RDM (I assume it is on two VMs on separate physical hosts?), make sure you are using pass-through (physical compatibility mode) RDM. For QRadar HA, /store would be mounted on the external device, and your primary and secondary QRadar instances should be configured to communicate wit that external device, but /store would be mounted on one host and only in case of failover to the other host.
There are QRadar High Availability Guide and QRadar Offboard Storage Guide which should provide good guidance for the implementation.
------------------------------
Dusan VIDOVIC
Original Message:
Sent: Mon September 16, 2019 05:24 AM
From: THROUGH
Subject: EXTERNAL STORAGE
Hi everyone,
the scenario is the following: I got to add an external disk to my qradar appliance in such a way between two event processors each other in HA.
the problem is right this: to add it to that the only way you can do it is to add it through ISCSI as cited also in the guides IBM, but my problem is that adding it to my vcenter specifically as a RDM that is virtual disk it can be reached just only local so just one processor instead i need it reached even from the other.
Any advice to do it?
------------------------------
THROUGH
------------------------------