Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Primary JSA Console and Backup JSA Console

 

When the primary JSA console fails and you want the backup JSA console to take up the role of the primary, you switch to the backup console, apply the configuration backup, and use the IP address from the primary. Use a similar switchover method for other appliances such as a JSA flow processor or an Event Collector, where each appliance has a backup or spare that is an identical appliance.

The backup console takes over the primary JSA console role from the time of activation, and does not store past events, flow, or offenses from the original primary JSA console. Use this type of deployment for your appliances to minimize downtime when a hardware failure occurs.

  • A backup console requires its own dedicated license key (matching the EPS and FPM values of the primary console).

  • The license configuration of the backup console needs to match the values of the primary JSA console; this includes the EPS and FPS values of the primary JSA console.

  • There are special failover upgrade parts that need to be purchased for the backup console.

  • From a technical perspective, the license for both the primary and backup consoles are identical, however for compliance reasons the backup console (and associated license) can't process live data unless a failure occurs on the primary JSA console.

  • Data that is collected by the backup console needs to be copied back to the Primary console when the Primary console becomes functional.

If the primary fails, take the following steps to set up the backup console as the primary JSA console:

  1. Power on the backup console.

  2. Add the IP address from the primary console.

  3. Restore configuration backup data from the primary console to the backup console.

The backup console functions as the primary console until the primary console is brought back online. Ensure that both servers are not online at the same time.

Configuring the IP Address on the Backup Console

When the primary JSA console fails, you configure the secondary backup console to take on the primary console role. Add the IP address of the failed JSA console to the backup console so that your JSA system continues to function.

Power on the backup console.

  1. Use SSH to log in to as the root user.
  2. To configure the IP address on the backup console, follow these steps:
    1. Type the following command:

      qchange_netsetup

    2. Follow the instructions in the wizard to enter the configuration parameters.

      After the requested changes are processed, the JSA system automatically shuts down and restarts.

Backup and Recovery

Back up your JSA configuration information and data so that you can recover from a system failure or data loss.

Use the backup and recovery that is built-in to JSA to back up your data. However, you must restore the data manually. By default, JSA creates a daily backup archive of your configuration information at midnight. The backup archive includes configuration information, generated data, or both from the previous day.

You can create the following types of backup:

  • Configuration backups, which include system configuration data, for example, assets and log sources in your JSA deployment.

  • Data backups, which include information that is generated by a working JSA deployment such as log information or event dates.

For more information about backing up and recovering your data, see the Juniper Secure Analytics Administration Guide.