Configuring Checkmarx Software Exposure Platform for High Availability (v9.0.0 to v9.2.0)

Owned by David P (Deactivated)
Last updated: Jan 13, 2021 by Johannes Stark (Unlicensed)
2 min read

Page Contents

Overview

High availability refers to a system that is durable and operates continuously without failure and is always available to the system users and the clients. Such a high availability system is realized by installing CxSAST in a High Availability architecture, where two or more CxManager servers are installed and run in active-active mode and can access the same database to ensure that the system continues operating, if one CxManager fails. The highly available components are the following and are laid out as illustrated

  • ActiveMQ (active-passive)
  • CxEngine (active-active)
  • CxManager + Access Control (active-active)

ActiveMQ is configured on two hosts to immediately become available in case of failure of the active host. In addition, this configuration allows for load balancing and not just redundancy. In order to configure CxSAST in high availability mode, you have to use an external load balancer (for example Nginx, AWS etc.).

Configuring High Availability

High Availability is configured via the Checkmarx Software Exposure Platform components for each machine/server accordingly. The configuration steps can be performed manually using the following steps:

 1. Install all Checkmarx Software Exposure Platform components for the High availability environment independently (not in parallel) according to these instructions.

  • Installing Checkmarx Software Exposure Platform components in parallel could cause database locking issues.
  • If required, rename the servers for all Checkmarx Software Exposure Platform components according to these instructions.

 2. Manually add the CxEngine Server(s) according to these instructions, and then remove the default (localhost) CxEngine from the Web Portal.

 3. Configure all Checkmarx Software Exposure Platform components for SOURCE_PATH and EX_SOURCE_PATH - DB table dbo.cxComponentConfiguration: Replace the local path (C:\<folder>\...) with the relevant network path, for example \\<hostname>\<folder>.

Server names must be 12 characters or less and must be a part of the domain.

 4. Configuring ActiveMQ for High Availability according to these instructions.

 5. Configuring Access Control for High Availability according to these instructions.

 6. Configuring the Checkmarx Web Portal on a dedicated host according to these instructions.

Restoring the SessionState Value after Upgrading

Users who use the SessionState value in the Web.Config file will have to restore this line in the Web.Config file once the upgrade to Version 9.0.0 is complete. The original file is automatically backed up during the upgrade process. To restore the SessionState value, you have to restore the entire line in the new Web.Config file from the backed up file as follows:

 1. Navigate to ..\Program Files\checkmarx \checkmarxwebportal and open web.config_backup for editing.

 2. Search for <sessionState configSource="sessionState.config" /> and copy the entire line.

 3. Open web.config and navigate to the location where this line is located in the backup file.

 4. Paste the line in this location, save and then close web.config.

Do not simply replace the web.config with the backup file web.config_backup as additions may be lost and the CxSAST application stops operating.

.