03-15-2019 01:12 PM
I am looking at architecture options for Stealthwatch 7.0
We are looking a deploying virtual SMC and flow collectors.
If we have multiple data centers - is it supported to have a "primary" SMC and Flow Collector one data center - and a "secondary" SMC and Flow Collector at a backup data center?
If so - do I need a UDP director to send flow records to both flow collectors?
Thanks in advance for the help.
Bob
I
Solved! Go to Solution.
03-21-2019 11:18 AM
Bob,
Yes. I suggest that any telemetry you send to the primary Flow Collector you use UDP Director to duplicate that at the secondary Flow Collector. UDP Director is the best way to do that rather than exporting flow to each Flow collector from each exporter.
I would assume the back up data center has it's own Internet connection. Send those network translation (NAT) logs to the secondary; not the primary.
If you enable Cognitive Intelligence make sure that you only send from the primary flow collector. You can add the second flow collector to your account but only enable that when the primary in down.
You should be able to login to the Stealthwatch SMC at the backup facility and see just the traffic from the at site.
The SMC at the backup site will not be secondary. Primary - secondary is used when you have 2 SMCs working with the same Flow Collector. The primary will be admin for that deployment (where admin can make config changes) and the secondary will be useful for any other (than admin) user. It allows the Stealthwatch UI to scale up.
Hope this helps!
Brian
03-21-2019 11:18 AM
Bob,
Yes. I suggest that any telemetry you send to the primary Flow Collector you use UDP Director to duplicate that at the secondary Flow Collector. UDP Director is the best way to do that rather than exporting flow to each Flow collector from each exporter.
I would assume the back up data center has it's own Internet connection. Send those network translation (NAT) logs to the secondary; not the primary.
If you enable Cognitive Intelligence make sure that you only send from the primary flow collector. You can add the second flow collector to your account but only enable that when the primary in down.
You should be able to login to the Stealthwatch SMC at the backup facility and see just the traffic from the at site.
The SMC at the backup site will not be secondary. Primary - secondary is used when you have 2 SMCs working with the same Flow Collector. The primary will be admin for that deployment (where admin can make config changes) and the secondary will be useful for any other (than admin) user. It allows the Stealthwatch UI to scale up.
Hope this helps!
Brian
03-28-2019 01:30 PM
Excellent, thanks very much for the detailed response Brian!
Regards,
Bob
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide