How to configure Netwrix Auditor in failover mode?

Setup and Configuration
9.0-9.7
9.8
https://kb.netwrix.com/591

How do you configure Netwrix Auditor in failover mode to minimize downtime and the risk of losing audit data in case of an outage?


1. Preparation

  • Install Netwrix Auditor on a virtual machine. If Netwrix Auditor is already installed on a physical machine, consider migrating it to a virtual machine. Some vendors support “physical to VM” migration.
  • Configure the Long-Term Archive to be stored in a remote location, e.g. a shared iSCSI volume. Refer to the following Netwrix knowledge base article for instructions on how to move the Long-Term Archive to a new location: How to move Long-Term Archive to a new location (Netwrix Auditor 9.0 and above).

2. Backup & Failover

  • Ensure that the volume under Audit Archive and Temp storage is redundant enough to survive a failure.
  • Use the features provided by your virtualization vendor to ensure zero downtime for the Netwrix Auditor machine (such as Hyper-V Live Migration or VMware vMotion).

Alternative scenarios:

Backup

  • Ensure that the volume under Audit Archive and Temp storage is redundant enough to survive a failure.
  • Once Netwrix Auditor is up and fully operational, back up the virtual machine. You can configure backups as often as every hour (for example, differential backups with one daily full backup).
  • Set up regular backups of the Netwrix Auditor configuration file: on the machine where Netwrix Auditor Server is installed, navigate to %ProgramData%\Netwrix Auditor\AuditCore\ConfigServer and save the Configuration.xml file to any location (i.e. back up the exact file; do not run the configuration import/export procedure).

Failover

  • Restore the Netwrix Auditor machine from snapshot.
  • Restore the configuration.