Skip to main content

Configuring Checkmarx Software Exposure Platform for High Availability

High availability refers to a durable system that operates continuously without failure and is always available to the system users and the clients. Such a high availability system is realized by installing CxSAST in a High Availability architecture, where two or more CxManager servers are installed and run in active-active mode. It can access the same database to ensure the system continues operating if one CxManager fails. The highly available components are the following and are laid out as illustrated:

  • ActiveMQ (active-passive)

  • CxEngine (active-active)

  • CxManager + Access Control (active-active).

ActiveMQ is configured on two hosts to become available if the active host fails immediately. This configuration allows for load balancing and not just redundancy. To configure CxSAST in high availability mode, you must use an external load balancer (for example, Nginx, AWS, etc.).

Notice

Once ActiveMQ has been installed and configured on the relevant hosts in Silent mode, you must return to the CxManager installation to reconfigure Access Control.

Configuring High Availability

High Availability is configured via the Checkmarx Software Exposure Platform components for each machine/server. The configuration steps can be performed manually using the following steps:

  1. Install all Checkmarx Software Exposure Platform components for the High availability environment independently (not in parallel) according to these instructions.

    Notice

    • Installing Checkmarx Software Exposure Platform components in parallel could cause database locking issues.

    • Rename the servers for all Checkmarx Software Exposure Platform components according to the instructions.

  2. Manually add the CxEngine Server(s) according to these instructions, and then remove the default (localhost) CxEngine from the Web Portal.

  3. Configure all Checkmarx Software Exposure Platform components for SOURCE_PATH, REPORTS_PATH, and EX_SOURCE_PATH - DB table dbo.cxComponentConfiguration: Replace the local path (C:\<folder>\...) with the relevant network path, for example \\<hostname>\<folder>.

    Notice

    Server names must be 12 characters or less and be part of the domain.

  4. Configuring ActiveMQ for High Availability according to the instructions for distributed installations or the instructions for silent distributed installations, depending on your chosen installation type. You must run Silent Reconfiguration after updating the DB with the new ActiveMQ endpoints when having more than one ActiveMQ component.

  5. Configuring Access Control for High Availability according to these instructions.

    Once Access Control is configured, create a new environment variable called SERVER_PUBLIC_ORIGIN on each CxManager host and assign it to the same URL you added to the database. Ensure that CxSASTManagerUri in the dbo.CxConfigurationProperties table is also set to the above load balancer URL. For further information, refer to Environment Variables.

  6. Configuring the Checkmarx Web Portal on a dedicated host according to these instructions.