High Availability Overview
Chronicle SOAR provides multiple deployment modes with high-availability clusters to ensure the constant availability of services. There are two layers involved in the Chronicle SOAR High Availability mechanism:
- Application HA cluster
- Database HA cluster
The two clusters work in a primary/secondary configuration, allowing automatic activation of Chronicle SOAR application and DB on another node if it failed for any reason (e.g hardware failure).
The overall architecture is demonstrated in the following diagram:
Chronicle SOAR High-Availability deployment contains the following components:
Application cluster
- Application Primary Server
- Application Secondary Server
- Virtual IP/Load Balancer
- Database cluster (based on PostgreSQL v10)*
- Database Primary Server
- Database Secondary Server
The Chronicle SOAR High Availability solution uses the following tools:
Database Cluster Tools
Repmgr (version 5.0) is an
open-source tool suite for managing replication and failover in a cluster of
PostgreSQL servers.
Application Cluster Tools
Pacemaker (version
1.1.19-8.el7_6.5) is an open-source high availability resource manager
software used to manage resources, and ensure that they remain available in
the event of a node failure
Corosync
is an open source program that provides cluster membership and messaging
capabilities, often referred to as the messaging layer.
Virtual IP as a
load balancer – Cloud service or Pacemaker capability.
Linux cron utility
is used to detect the active primary DB for the connection string.