I have a VM deployment scenario for logs and packets in Azure. I'm not able to design a scenario well to reflect on the correct implementation of this machine in Azure. If anyone can help me get an idea, I'd appreciate it.
- Scenario for Logs:
- VM Log Hybrid
- Maximum 1000 EPS (or 50GB/day)
- Maximum retention time of 3 days (raw data) and 7 days (metada)
- How much will I need disk, memory and cpu?
- What better family for this implementation (BS2, D4S, E4S, et.al.....)?
- Scenario for Network (still in preview):
- VM Network Hybrid or VM Network (Decoder and Concentrator)
- Maximum retention time of 3 days
- How much will I need disk, memory and cpu?
- What better family for this implementation?
- Considering this 60% retention and utilization time, how much maximum traffic per day can I support?
By way of example, I came up with the following drawing
Function | Memory | Disk | IOPS | Processor | Network |
Network Decoder | 16GB | 3,95 TB (SSD/SAS/HDD) | 200 (50 read / 150 write) | 4 vCPUs | x1 vNIC Managed Mode x1 vNIC Promiscue Mode |
Network Concentrator | 16GB | 2,25 TB (SSD) | 3.120 (150 read / 2970 write) | 4 vCPUs | x1 vNIC Managed Mode |
Log Hybrid | 32GB | 2,0 TB (SSD/SAS/HDD) | 3.350 (250 read / 3100 write) | 4 vCPUs | x1 vNIC Managed Mode |
What do you think of this sizing plan? In Azure, view this families:
- Net Decoder: D4s_v3 - 4vCPU, 16GB RAM, 6400 IOPS - S50 (4TB disk - 500 IOPS)
- Net Concentrator: D4s_v3 - 4vCPU, 16GB RAM, 6400 IOPS - P40 (2TB disk - 7500 IOPS)
- Log Hybrid: E4s_v3 - 4vCPU, 32GB RAM, 6400 IOPS - P40 (2TB disk - 7500 IOPS)
#azure #netwitness azure #microsoft azure
