For those of you that are on R80.10 already, can you please provide recommendations on hardware requirements for R80.10 SmartLog Server?
The minimum requirements are listed in the R80.10 Release Notes for a Security Management Server (which includes a Log Server):
Obviously, the more of all the above, the merrier.
Smart-1 Appliances list the log volume they'll support on their datasheets.
As Dameon said - more the merrier. All depends on number of logs you will need to crunch. I have put up here log rate calculator Log rate calculator for MDS / MLM that's based on SK and I can say at 10000 events/sec we have 16 cores + 64 GB + 6TB and I would want even more
One of my clients has Smart-1 210 running R80.10.
According to release notes:
And I know that it is a two core unit.
Presently, log indexing and SmartEvent/Correlation is not enabled on it, but I can see that being a problem.
I can suggest few options to the client:
1. Trade it in for a larger server (this will not go well, as 210 was sold to them barely a year ago)
2. Up the RAM to 16G and connect external iSCSI volume for faster logging and indexing, (hard to discern the possible benefits when relying on external solution)
3. Move the license to Open Server and re-deploy management on VM with properly sized virtual hardware
You may at least want to check the trade-in options with your account team as it may not cost as much as you'd think (though obviously switching appliances is a bother).
Adding RAM to the Smart-1 210 doesn't change the processor at all.
Open Server is always an option, but that also requires a trade-in since licenses are not transferrable on appliances.
VM in think is the most cost effective for Mgmt/logs. As typically for big organisation your VM is covered in general so you only pay for CP license. And then upgrading CPU/RAM/Disk is relatively cheap.
All depends on size of your esx deployment. But of course it will cost to move away from appliance. Especially if you just bought it. Ouch.
I am a gun for hire being brought-in to get them up and running.
But still, every time I am walking in a situation like this, (and it happens often), I cringe, as this is how CP is getting a bad rap for improperly sized appliances.
In this particular situation, it's a pair of 13500s in core routing mode with bunch of blades, so I expect those to log a lot, especially, since they want to run those relatively open before tightening the policy.
I hear what you're saying.. Driving latest model BMW or Tesla is not cheap. And I'm not CP sales but customer..I was very happy that we had Mgmt on VM after R80 upgrade
Retrieving data ...