Skip to main content

Configuring Checkmarx Software Exposure Platform for High Availability

High availability refers to a system that is durable and operates continuously without failure and is always available to the system users and the clients. Such a high availability system is realized by installing CxSAST in a High Availability architecture, where two or more CxManager servers are installed and run in active-active mode and can access the same database to ensure that the system continues operating, if one CxManager fails. The highly available components are the following and are laid out as illustrated:

  • ActiveMQ (active-passive)

  • CxEngine (active-active)

  • CxManager + Access Control (active-active).

ActiveMQ is configured on two hosts to immediately become available in case of failure of the active host. In addition, this configuration allows for load balancing and not just redundancy. In order to configure CxSAST in high availability mode, you have to use an external load balancer (for example Nginx, AWS etc.).


Once ActiveMQ has been installed and configured on the relevant hosts in Silent mode, you have to return to the CxManager installation to reconfigure Access Control.

Configuring High Availability

High Availability is configured via the Checkmarx Software Exposure Platform components for each machine/server accordingly. The configuration steps can be performed manually using the following steps:

  1. Install all Checkmarx Software Exposure Platform components for the High availability environment independently (not in parallel) according to these instructions.


    • Installing Checkmarx Software Exposure Platform components in parallel could cause database locking issues.

    • If required, rename the servers for all Checkmarx Software Exposure Platform components according to these instructions.

  2. Manually add the CxEngine Server(s) according to these instructions, and then remove the default (localhost) CxEngine from the Web Portal.

  3. Configure all Checkmarx Software Exposure Platform components for SOURCE_PATH and EX_SOURCE_PATH - DB table dbo.cxComponentConfiguration: Replace the local path (C:\<folder>\...) with the relevant network path, for example \\<hostname>\<folder>.


    Server names must be 12 characters or less and must be a part of the domain.

  4. Configuring ActiveMQ for High Availability according to the instructions for distributed installations or according to the instructions for silent distributed installations, depending on the installation type you choose. When having more than one ActiveMQ component, you need to run Silent Reconfiguration after updating the DB with the new ActiveMQ endpoints.

  5. Configuring Access Control for High Availability according to these instructions.

    Once Access Control is configured, create a new environment variable called SERVER_PUBLIC_ORIGIN on each CxManager host and assign the same URL to it that you added in the database. For further information, refer to Environment Variables.

  6. Configuring the Checkmarx Web Portal on a dedicated host according to these instructions.