I'm interested in a few things related to adding and/or removing a DESM to an existing setup.
Is there a good document other than the brief mentions in the user guide?
Has anyone deployed with ESM's in HA i.e. Primary/Redundant setups? Would that even matter?
Is removing a DESM from a setup destructive to the downstream ESM's and related devices/data sources?
Both processes are quite simple honestly.
- From the central ESM remove the DESM(Will remove event data from Central ESM)
- On the DESM properties under ESM management remove the Key Associated with the Central ESM this way you will destroy the trust completely, if you want to readd it in future you have to go through the standard process.
- There should be no negative impact on the DESM and it's device such effects are caused only by adding the DESM as the central ESM will overwrite the Custom types on the DESM
2. Redundancy is quite good feature however you have to switch manually in case of failure on the primary ESM.
- Again under ESM properties --> File Maintenance --> Backup files --> Settings --> Redundancy
As show below just set the role and Corresponding IP in that case i'm creating primary ESM respectivly i have to enter the IP/IP's of secondary ESM/s
On each of your Redundat ESM follow the same steps but just select the role of Redundant and enter the IP of your Primary ESM.
Bare in mind that Once initiated the process must not be interupted otherwise you might end up with broke ESM
Once initiated first the Redundant ESM will restart so it could switch the mode and start the synchronization.
After some time at the end of the Sync both ESM will go down until the sync is fully completed.
It's quite good feature as all of your data will be replicated to the redundant.
#1 is good stuff as usual from you
For #2 guess, maybe it was not so clear...... Say I want a Central ESM with DESM's underneath that are in a Primary/Redundant mode i.e. say HA ESM's configuration which would would be call HA DESM? Is that possible?
It would be ideal the the Central ESM could add both HA's which are now (D)ESM's but when it came time for the Central to grab events, the request would go to both the Primay HA ESM and Redundant HA ESM which would not return the data because it is not the Primary. Primary should return the event data upstream.
Hope that makes sense but more important that the ESM can handle all that logic... I'll let you know if I find out any more on this topic over the next few days.
Once the the ESM enters Redundant mode you can't use it for anything else meaning that it will be dedicated for redundancy.
In your case you will need 1 Primary 1 Redundant and 1 DESM which means you need 3 ESM's.