
Clustering ArcSight Components in Windows Environment

  • Writer: Pavan Raja
  • Apr 8, 2025

Summary:

The document provides a detailed guide to deploying ArcSight ESM with high availability on Windows by setting up a cluster of redundant servers using Veritas Cluster Server (VCS). Key steps include configuring shared storage for ArcSight Database software installation, Oracle 11g database setup, and managing resources through VCS failover capabilities. The paper emphasizes the importance of following version-specific install guides for detailed procedures in setting up the system.

Details:

This document outlines the steps for deploying ArcSight ESM for high availability on Windows, utilizing redundant hardware and third-party tools like Veritas Cluster Server (VCS). It explains that setting up a cluster of servers with redundant components minimizes the system's downtime due to component failure. The paper focuses on configuring failover capabilities within the ArcSight ESM setup, using VCS to manage resources across multiple nodes in case one fails. Key steps include downloading and installing ArcSight Database software, creating a user account, setting up shared storage, and proceeding with the Oracle 11g database installation as per standard guidelines. The document highlights that all these procedures are detailed in version-specific install guides, which should be used as primary reference documents for any further assistance during setup or troubleshooting.

To install an ArcSight database on two systems with shared storage, follow these steps:

1. **Prepare Control Files and Redo Logs**: Install all necessary control files and redo logs on the shared storage.

2. **Configure TNS Clients**: In the allowed TNS clients list, add the Virtual IP address of the database as well as the IPs of both manager systems.

3. **Install Database Software**: On System B, using the arcSight user, navigate to `$ArcSight_Home\bin` and run the database setup script to install Oracle 11g software.

4. **Copy Configuration Files**: Copy over the contents of `$Oracle_Home\NETWORK\ADMIN\` from System A to System B, and move these folders:

  • `$Oracle_Home\database`

  • `$Oracle_Home\dbs`

  • `D:\oracle\admin\arcSight` (if applicable)

5. **Create Symbolic Links**: On both systems, delete the existing folders and then create links to the same locations on shared storage, using commands like:

```shell
Mklink /D $Oracle_Home\database \database
Mklink /D $Oracle_Home\dbs \dbs
Mklink /D D:\oracle\admin\arcSight \arcSight
```

6. **Failover Resources**: After creating the links, perform these steps on the second node.

7. **Install Oracle Services**: Run the following commands from `$Oracle_Home\Bin` to install Oracle services:

  • `ORADIM -NEW -SID ARCSIGHT -STARTMODE AUTO`

  • `LSNRCTL start ARCSIGHT`

8. **Start Services**: Ensure the Oracle service and TNS listener services are running on both systems.

9. **Cluster Management**: Once services are operational, add them to appropriate groups for clustering in ArcSight Manager.

10. **ArcSight Manager Installation**: Continue with the installation process by downloading and configuring ArcSight Manager as per the provided instructions.

The remaining steps cover installing and configuring the ArcSight Manager server and its associated Partition Archiver service:

1. **Setup ArcSight Manager Server:**

  • Download software from the ArcSight Software site.

  • Move all resources to the first node.

  • Install the ArcSight manager software on shared storage, using the Virtual IP address for hostname mapping during installation.

  • Start up the manager and validate connectivity via the ESM console, ensuring the hostname matches the Virtual IP.

  • Shut down the manager and fail over to the second node.

  • On the second node, install the Windows service for the ESM manager using the command: `arcsight managersvc64 -i`. This completes the installation on both nodes.

2. **ArcSight Partition Archiver Installation:**

  • Ensure all resources are assigned to the first database server node.

  • Log in as the ArcSight user and copy the `cacerts` file from the manager to the database server's `$ArcSight_Home\jre\lib\security` location.

  • Open a command window, navigate to `$ArcSight_Home\BIN`, and run: `arcsight agentsetup -w`. Follow on-screen instructions to install the partition archiver service on the first node.

  • Fail over resources to the second database server and repeat the process by running: `arcsight agentsvc -i` from `$ArcSight_Home\BIN`. This completes the installation of the Partition Archiver service on both nodes.

The summary highlights the setup, configuration, and failover procedures for both the ArcSight Manager and its associated archiving component, ensuring high availability and seamless operation across two server nodes.
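
A read-only check for one database node after the link and service steps above (links in step 5, services in steps 7 and 8); this PowerShell script is an added example, not part of the original guide. The shared-storage root `S:\` is a placeholder, the function names are hypothetical, and the listener service is matched by wildcard because its Windows service name depends on the Oracle home name.

```powershell
# Added example: verifies that the Oracle folders on this node are symbolic
# links onto shared storage and that the Oracle services are running.
param(
    [string]$OracleHome = $env:ORACLE_HOME,   # assumption: ORACLE_HOME is set for this session
    [string]$SharedRoot = 'S:\'               # placeholder: shared-storage root, not given on the page
)

function Test-SharedLink {
    param([string]$Path, [string]$SharedRoot)
    $item   = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    $target = if ($item) { @($item.Target)[0] } else { $null }
    $state  = if (-not $item) { 'Missing' }
    elseif ($item.LinkType -ne 'SymbolicLink') { 'LocalFolder' }   # mklink /D was not done here
    elseif (-not "$target".StartsWith($SharedRoot, [StringComparison]::OrdinalIgnoreCase)) { 'OffShare' }
    else { 'OK' }
    [pscustomobject]@{ Check = 'Link'; Name = $Path; State = $state; Detail = $target }
}

function Test-NodeService {
    param([string]$NamePattern)
    $found = @(Get-Service -Name $NamePattern -ErrorAction SilentlyContinue)
    if (-not $found) {
        return [pscustomobject]@{ Check = 'Service'; Name = $NamePattern; State = 'Missing'; Detail = $null }
    }
    foreach ($svc in $found) {
        $state = if ($svc.Status -eq 'Running') { 'OK' } else { 'NotRunning' }
        [pscustomobject]@{ Check = 'Service'; Name = $svc.Name; State = $state; Detail = "$($svc.Status)" }
    }
}

$results = @(
    Test-SharedLink (Join-Path $OracleHome 'database') $SharedRoot
    Test-SharedLink (Join-Path $OracleHome 'dbs') $SharedRoot
    Test-SharedLink 'D:\oracle\admin\arcSight' $SharedRoot   # only if this folder is used
    Test-NodeService 'OracleServiceARCSIGHT'   # service ORADIM creates for SID ARCSIGHT
    Test-NodeService 'Oracle*TNSListener*'     # listener service; exact name varies by Oracle home
)

$results | Format-Table -AutoSize
# Non-zero exit lets a scheduled task or cluster pre-check flag the node.
if ($results.State -ne 'OK') { exit 1 }
```

A `LocalFolder` result means the node still has its own copy of the directory, so a failover to it would start Oracle against files that are not on the shared disk.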

Disclaimer:
The content in this post is for informational and educational purposes only. It may reference technologies, configurations, or products that are outdated or no longer supported. If you have any comments or feedback, kindly leave a message and it will be responded to.
