This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Is the broker always separate from the SA head unit in a virtualized infrastructure?

Go to solution
JohnTyson1
Beginner
Beginner

‎2016-05-13 01:58 PM


I was wondering if there are any vms that have the broker built into the SA?

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
JonathanSaxon
Employee
Employee

‎2016-05-18 01:27 PM

The standard OVA files separate the Broker service from the Security Analytics Server services. 

 

I have heard of customers and engineers building their own "hybrid" appliances where the Concentrator and Decoder services run on the same virtual machine but we don't ship a Hybrid OVA. 

 

There is no reason you could not install the Broker service on a virtual Security Analytics Server but you would want to size the virtual machine specifications appropriately.  Of course, this would be a non-standard implementation of the virtual machines and you would have to run some mongo commands to register the Broker service.  But this configuration would mimic the physical appliances so it should not require a great deal of effort to manage the appliance.  Just mention it to Support when you open a ticket so they know the virtual machine is non-standard in this regard. 

 

You could also purchase a separate virtual Malware appliance if you did not want to use the included, limited malware service included with the virtual Security Analytics Server appliance.

 

Hope that helps.

View solution in original post

4 REPLIES 4

Go to solution
Anonymous
Not applicable

‎2016-05-16 01:15 PM

Why would you want to run the Broker VM joined up with SA Server versus separately?

0 Likes

Go to solution
JohnTyson1
Beginner
Beginner
In response to Anonymous

‎2016-05-16 01:39 PM

I have not put this thought thru the ringer, but the main reason, would be resource utilization compared to the recommended minimum cpu and memory allocation for the SA head unit.  I have not run any metrics, but without the overhead of the broker, it seems like the minimum specs are a bit much if the malware and reporting functions are not being utilized to the full potential.

 

I do see the benefits of being able to break it out and give more resources to the broker(s) based on the load.

0 Likes

Go to solution
JonathanSaxon
Employee
Employee

‎2016-05-18 01:27 PM

The standard OVA files separate the Broker service from the Security Analytics Server services. 

 

I have heard of customers and engineers building their own "hybrid" appliances where the Concentrator and Decoder services run on the same virtual machine but we don't ship a Hybrid OVA. 

 

There is no reason you could not install the Broker service on a virtual Security Analytics Server but you would want to size the virtual machine specifications appropriately.  Of course, this would be a non-standard implementation of the virtual machines and you would have to run some mongo commands to register the Broker service.  But this configuration would mimic the physical appliances so it should not require a great deal of effort to manage the appliance.  Just mention it to Support when you open a ticket so they know the virtual machine is non-standard in this regard. 

 

You could also purchase a separate virtual Malware appliance if you did not want to use the included, limited malware service included with the virtual Security Analytics Server appliance.

 

Hope that helps.

Go to solution
JohnTyson1
Beginner
Beginner
In response to JonathanSaxon

‎2016-05-26 01:12 PM

Yes, thanks for answering the question. Ill see what SCOL has pertaining to mongo commands to register the broker.  Thanks again.

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.