Recovery Solution for JSA Deployments
Maintaining data redundancy is crucial to resiliency and recovery from data loss. There are a wide variety of solutions that are currently deployed in the field to prevent and recover from data loss, and vary greatly in terms of complexity, cost, and effectiveness. JSA provides the QRadar Data Synchronization app as a solution to maintain your configuration and data during a failure of you main site.
QRadar Data Synchronization App
The QRadar Data Synchronization app mirrors your data to another identical system. It is possible to maintain configurations and data when you have two identical JSA systems in separate geographic environments that are a mirror of each other. Data is collected at both sites and ensures operations can continue to function as normally as possible in scenarios when your main site fails.
QRadar Data Synchronization forwards live data, for example, flows and events from the main site's JSA to a parallel destination site. You can set up data synchronization with deployments that are in different geographical locations.
To use the QRadar Data Synchronization app, the main site and destination site deployments must be running JSA 7.4.0 FixPack 3 or later. The destination site must be a fully duplicated deployment (1:1 host ratio) for hosts that contain or collect Ariel (event and flow) data. This includes Event Processors, Flow Processors, All in one Event Processors and Flow Processors, Event Collectors, Flow Processors, consoles, and data nodes. However, JSA Risk Manager, JSA Vulnerability Manager, and QRadar App Host do not require 1:1 mapping.
A high-availability (HA) cluster is considered one host and the Data Synchronization app supports a HA cluster that is paired with a non-HA host.
App data backup is currently not available using the Data Synchronization app.