Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring Control Of Secondary Interfaces in HA Deployments

 

If you use iSCSI and a dedicated network interface in a high-availability (HA) deployment, you must ensure that the secondary interface is not managed by the HA process. Configure the management of the secondary interface to ensure that in the event of a failover to the secondary HA host, the interface always remains active.

Ensure that the following conditions are met:

  • Separate IP addresses for the dedicated iSCSI network interface on each of the HA servers.

    Separate IP addresses prevent IP address conflicts when the network interfaces are active on both HA hosts at the same time. The iSCSI software and drivers can access the external storage at startup and during the HA failover. Also, the external volume can be successfully mounted when the HA node switches from standby to active.

  • The primary and secondary appliances are configured.

    For more information, see the Juniper Secure Analytics High Availability Guide.

  • iSCSI storage is configured.

  • NetworkManager is disabled by typing the command systemctl status NetworkManager

  1. On the primary host, use SSH to log in to the JSA console as the root user.
  2. Disable the JSA HA service control of network interface.
    1. Go to the /opt/qradar/ha/interfaces/ directory

      The directory contains a list of files that are named ifcfg-ethN. One file exists for each interface that is controlled by JSA HA processes.

    2. Delete the file that is used to access your ISCSI storage network.

      Deleting the file removes control of the interface from the HA processes.

  3. Re-enable operating system-level control of the network interfaces.
    1. Go to the /etc/sysconfig/network-scripts/ifcfg-ethN directory.

    2. Open the ifcfg-ethN file for the interface that connects to your ISCSI network.

    3. To ensure that the network interface is always active, change the value for the ONBOOT parameter to ONBOOT=yes.

  4. To restart the iSCSI services, type the following command:

    systemctl restart iscsi

  5. Repeat these steps for the HA secondary appliance.
  6. Optional: To test access to your ISCSI storage from your secondary appliance, use the ping command:

    ping iscsi_server_ip_address