Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

Azure Install 11.5: Deployment Overview

Document created by RSA Information Design and Development Employee on Sep 9, 2020Last modified by RSA Information Design and Development Employee on Sep 9, 2020
Version 2Show Document
  • View in full screen mode
 

Azure instances have the same functionality as the RSA NetWitness Platform hardware and virtual hosts. RSA recommends that you perform the following tasks when you set up your Azure environment.

Before you can deploy RSA NetWitness Platform in Azure, you need to:

  • Review the recommended compute and memory specifications needed for each RSA NetWitness Platform instance.

  • Get familiar with the RSA NetWitness Platform Storage Guide to understand the types of drives and volumes needed to support NetWitness instances. For more information, see Storage Guide for RSA NetWitness Platform 11.x.
  • Make sure that you have a NetWitness Platform Throughput license.
  • Use Chrome for your browser (Internet Explorer is not supported).

Azure Environment Recommendations

Azure instances have the same functionality as the NetWitness Platform hardware hosts. RSA recommends that you perform the following tasks when you set up your Azure environment.

  • Based on the resource requirements of the different components, follow best practices to use the system and dedicated storage appropriately.
  • Build Concentrator directory for index database on SSD.

Azure Deployment Scenarios

Before you can deploy NetWitness Platform you need to:

  • Consider the requirements of your enterprise and understand the deployment process.
  • Have a high-level picture of the complexity and scope of a NetWitness Platform deployment.

Process

The components and topology of a NetWitness Platform network can vary greatly between installations, and should be carefully planned before the process begins. Initial planning includes:

  • Consideration of site requirements and safety requirements.
  • Review of the network architecture and port usage.
  • Support of group aggregation on Archivers and Concentrators, and virtual hosts.

When updating hosts and services, follow recommended guidelines under the "Running in Mixed Mode" topic in the RSA NetWitness Platform Host and Services Getting Started Guide.

You should also become familiar with Hosts, Host Types, and Services as they are used in the context of NetWitness Platform also described in the RSA NetWitness Platform Host and Services Getting Started Guide.

NetWitness Platform High-Level Deployment Diagram

NetWitness Platform is inherently modular. Whether organizations are looking to deploy on-premise or in the cloud, the NetWitness components are decoupled in a way which allows flexible deployment architectures to satisfy a variety of use cases.

The following figure is an example of a hybrid cloud deployment, where the base of the components are residing within the SecOps VPC. Centralizing these components make management easier while keeping network latency to a minimum.

Network, log and endpoint traffic could then be aggregated up to the SecOps VPC. The on-premise location would function just like a normal physical deployment and would be accessible for investigations and analytics.

Cloud SaaS visibility could be captured from a Log Decoder residing in either the cloud or on-premise locations.

Example of Netwitness Platform deployment using a hybrid cloud environment.

You are here
Table of Contents > Azure Installation Overview

Attachments

    Outcomes