Stealthwatch Architecture Question

reheindel
Level 1

I am looking at architecture options for Stealthwatch 7.0

 

We are looking at deploying virtual SMC and flow collectors.

If we have multiple data centers - is it supported to have a "primary" SMC and Flow Collector in one data center - and a "secondary" SMC and Flow Collector at a backup data center?

If so - do I need a UDP Director to send flow records to both flow collectors?

 

Thanks in advance for the help.

 

Bob

 

Accepted Solutions

brford
Cisco Employee

Bob,

 

Yes. I suggest that for any telemetry you send to the primary Flow Collector, you use UDP Director to duplicate it at the secondary Flow Collector. UDP Director is the best way to do that rather than exporting flow to each Flow Collector from each exporter.

I would assume the backup data center has its own Internet connection. Send those network translation (NAT) logs to the secondary; not the primary.

If you enable Cognitive Intelligence, make sure that you only send from the primary Flow Collector. You can add the second Flow Collector to your account but only enable that when the primary is down.

You should be able to log in to the Stealthwatch SMC at the backup facility and see just the traffic from that site.

 

The SMC at the backup site will not be secondary.  Primary - secondary is used when you have 2 SMCs working with the same Flow Collector.  The primary will be admin for that deployment (where admin can make config changes) and the secondary will be useful for any other (than admin) user.  It allows the Stealthwatch UI to scale up.

 

Hope this helps!

 

Brian

Brian Ford | brford@cisco.com | brford@yahoo.com | 51 75 61 6c 69 74 79 20 6d 65 61 6e 73 20 64 6f 69 6e 67 20 69 74 20 72 69 67 68 74 20 77 68 65 6e 20 6e 6f 20 6f 6e 65 20 69 73 20 6c 6f 6f 6b 69 6e 67 2e | Email me when you figure this out.

Excellent, thanks very much for the detailed response Brian!

 

Regards,

Bob