Question & Answer
Question
This technote describes the process that can be used to migrate data from older QRadar SIEM hardware to new QRadar appliances.
Answer
This page is a landing page for several articles about hardware migrations for QRadar appliances. Each article in this list was written so administrators can complete an appliance replacement as quickly as possible with minimal downtime.
If administrators have suggestions or want more detailed instructions, they can comment any of the articles linked below or ask in the QRadar Customer Forum. This content is maintained by the QRadar Support team.
Hardware Migration Scenarios (Links):
If administrators have suggestions or want more detailed instructions, they can comment any of the articles linked below or ask in the QRadar Customer Forum. This content is maintained by the QRadar Support team.
Hardware Migration Scenarios (Links):
- Replacing a QRadar Managed Host (16xx, 17xx, 18xx appliance) in your deployment
Summary: This article is intended to get managed hosts installed and replaced in the network quickly with minimum downtime so they can continue to receive events. This procedure assigns the IP address of the old appliance to the new hardware. The new hardware is added to the deployment and the administrators can finalize moving data to complete the migration procedure while new events are collected from the network.
- Replacing a Console while keeping the IP address the same
Summary: This article is intended to get the Console appliance installed and replaced in the network quickly with minimum downtime using the same IP address that was used by the old hardware. There is no need for the administrator to remove managed host from the old Console as this procedure allows the new Console to takeover any existing hosts in the deployment. This procedure allows managed hosts in the deployment to continue to receive events while the Console is offline.
- Replacing a Console using a new IP address
Summary: This article is intended to get the Console appliance installed and replaced in the network quickly with minimum downtime. The new Console is provided a new IP address that is different than the old Console hardware. There is no need for the administrator to remove managed host from the old Console as this procedure allows the new Console to takeover any existing hosts in the deployment. Managed hosts in the deployment to continue to receive events while the Console is offline.
- Replacing a QRadar App Host (4000 appliance) in your deployment
Summary: This article is intended to replace an App Host in the network quickly with minimum downtime so they can continue to receive events. This procedure shuts down all apps, migrates data, and apps back to the Console, The you configure both the new and old App Host appliances IP address. You then reattach the App Host to the Console. Finally, the administrators can finalize the procedure by moving applications and data to the App Host.
Related Information
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
13 June 2022
UID
swg21682044