cancel
Showing results for 
Search instead for 
Did you mean: 

How to Setup a TIE Master and Slave

Introduction

This article is designed to help you install two TIE servers, one master, and one slave. This setup is the minimum requirement for any production or pilot rollout of TIE, as it provides redundancy for the TIE database (depending on the size of your organization, you might need more than this). In an emergency, the slave server can be "promoted" to become the TIE master and as it holds an exact replica of your TIE database, you would not lose any data.

 

27-tie-building-block.png

 

 

General Setup

 

To get started, you will have to deploy the TIE OVA VM package to two VM servers. It is recommended that these two servers are "on the same network", meaning they should have a fast (LAN speed) link and no firewall between them.

 

20-esx-servers.png

Start with the server that should become your TIE master and follow the initial screen prompts to give the machine a root password, IP, GW and DNS.

 

If you would like more details on the general setup, please click here.

 

Make note of the "Operational Account" as this will be the account that the slave server will use to connect to the master later.

 

02-set-admin-password.png

 

 

 

TIE Master

 

Once you reach the "Service Selection" screen, make sure to select both, the "DXL Broker" as well as the "TIE Server" options.

 

10-services-master.png

 

Next, you need to select "M" for the "Master" server option. No further configuration is needed for the master server. Proceed to the next step in the wizard and finish the installation.

 

11-tie-mode-master.png

 

TIE Slave

 

Repeat the same general setup steps for your TIE slave (more details here).

Once you reach the "Service Selection" screen, make sure to select both, the "DXL Broker" as well as the "TIE Server" options.

 

18-services-slave.png

 

Next, select "S" for the "Slave" option. Additional information you need to provide are:

- IP of the TIE master server

- Username and password set for the "Operational Account" on the master

 

Afterwards proceed to the next step in the wizard and finish the installation.

19-tie-mode-slave.png

 

In case of Emergency

 

In case your TIE master server becomes unavailable, you can "promote" the slave server to be the new master.

 

To do so, please login to the console of the slave server (either via SSH or via the VM ESX console) with your "Operational Account" credentials.

 

21-ssh-login.png

 

Next, run the command

sudo reconfig-tie

 

22-reconfig-tie.png

 

In the dialog that opens, switch from "S" for Slave mode to "M" for Master

 

23-switch-to-master.png

 

After confirming your selection, the TIE server will autmatically reconfigure its services. A reboot of the machine is NOT required.

 

24-tie-restart.png

 

 

Your Slave server is now the new TIE master server.

 

In case you would like to "demote" the master back to a slave server, run the same reconfig-tie command and simply select "S" for slave again

 

25-switch-to-slave.png

 

 

What mode is my TIE server in?

 

To see what mode your TIE server is currentl;y running in, you can use ePO.

Navigate to the System Tree and select your TIE server in question. Then navigate to Products >> McAfee Threat Intelligence Exchange Server and then scroll down to the bottom to see the "Server Operation Mode"

 

28-server-mode-lookup.png

 

Alternatively you can lookup the operating mode from the command line of the TIE server with the command:

grep -B 1 startMode /opt/McAfee/tieserver/conf/tie.properties

 

29-server-mode-cmd.png

Labels (1)
Contributors
Version history
Revision #:
2 of 2
Last update:
‎03-15-2018 01:11 PM
Updated by: