Centrify DirectAudit 3.x
Does Centrify have any Disaster Recovery Best Practices for DirectAudit? Consider the following scenario.
When writing to an Audit Store in a location, if the Audit Store server were to go down. Now the Audit Management Server is critical to functions like
"Find Sessions" and reporting functionality. If the Audit Store database is backed up using a backup software & even if the server is no longer available, would the following be feasible?
1) If the database is restored unto another server, would it be possible to:
a) Attach the database to Audit Manager and still do Find Session queries?
b) Attach the database to Audit Manager and still write to it?.
If customer has two data centers; one in site A and other one is in Site B. The DA installation’s management database is located in
Site A and it is being used by Audit Analyzer and FindSessions tool to generate reports.
Its possible to Implement a DR (Disaster Recovery) environment so that if management database in Site A goes down, the Audit Analyzer and FindSessions will continue to work.
1. A new DA installation needs to be setup in Site B data center. This installation will not have any collectors or agents talking to it. It can be
called DADR in this KB article (it stands for DirectAudit Disaster Recovery). This installation will be purely used for session replaying (Audit Analyzer)
and reporting (FindSessions) in case if main DA installation goes down.
2. Customer should make sure there is an identical Audit Stores (in terms of name and scope) in both main DA installation and DADR.
There is no need to create any active Audit Store databases inside Audit Stores for DADR.
3. Also there should be identical Audit Roles in both main DA installation and DADR installation.
4. Now each Audit Store database can be attached in every Audit Store of main DA installation to the corresponding Audit Store in DADR installation. While attaching these databases, the “Set as active” checkbox should be unchecked. Since databases are attached that belong to another installation, the wizard will show some warnings which can be safely ignored.
How this works:
1. The DADR installation is not collecting any data; it is simply using the data from the main DA installation for reading purpose.
2. If main DA installation goes down, customer can start running their consoles/reports against the DADR installation until the main DA installation is restored.
Note: The above steps were provided as a courtesy.