Recovery solution for QRadar deployments

Maintaining data redundancy is crucial to resiliency and recovery from data loss. A wide variety of solutions are currently deployed in the field to prevent and recover from data loss, and they vary greatly in complexity, cost, and effectiveness. IBM® QRadar® provides the IBM QRadar Data Synchronization app as a solution to maintain your configuration and data during a failure of your main site.

IBM QRadar Data Synchronization app

The QRadar Data Synchronization app mirrors your data to another identical system. When you have two identical QRadar systems in separate geographic environments that mirror each other, you can maintain configurations and data across both. Data is collected at both sites, which ensures that operations can continue as normally as possible if your main site fails.

QRadar Data Synchronization forwards live data, such as flows and events, from the main site's QRadar system to a parallel destination site. You can set up data synchronization with deployments that are in different geographical locations.

To use the QRadar Data Synchronization app, the main site and destination site deployments must be running QRadar 7.4.0 FixPack 3 or later. The destination site must be a fully duplicated deployment (1:1 host ratio) for hosts that contain or collect Ariel (event and flow) data. This includes Event Processors, Flow Processors, All-in-one Event Processors and Flow Processors, Event Collectors, Flow Collectors, consoles, and data nodes. However, QRadar Risk Manager, QRadar Vulnerability Manager, QRadar Incident Forensics, QRadar Network Insights, and QRadar App Host do not require 1:1 mapping.

A high-availability (HA) cluster is considered one host, and the Data Synchronization app supports an HA cluster that is paired with a non-HA host.

Note: App data backup is currently not available using the Data Synchronization app. For more information about app data backup and recovery, see Backing up and restoring app data.

To learn more about the QRadar Data Synchronization app, see Data Synchronization app [https://community.ibm.com/community/user/security/blogs/joel-violette1/2020/09/08/interrecord-separator].