|Applies To||RSA Product Set: RSA NW Endpoint 4.X|
RSA Product/Service Type: RSA NW Endpoint Console Server, Secondary Server
RSA Version/Condition: 4.4.x
|Issue||When to deploy a Secondary ECAT Console Server. What are the limits and performance?|
|Resolution||The 4.4.x Install Guide (located on the RSA Community Website -> Products -> NetWitness -> Documentation -> RSA Netwitness Endpoint -> Version 4.4)|
Some of the requirements include:
• All servers must use the same certificates.
• All servers must be able to access a network shared storage location for the ECAT file download repository.
• All agents must contact the primary server the first time they connect (They will download a list of all the servers at that point).
• All secondary servers must be able to communicate to the primary server.
• SQL Server TCP/IP encryption must be enabled on all SQL Server instances.
The ECAT User Guide also mentions, "Secondary servers cannot be used for the sole purpose of segmenting the ECAT network, as all agents will need the capability to report to the Primary server."
The Secondary ECAT server is more suited to large environment (50,000+ agents)
Ideally, when deploying a secondary, it is recommended to go with two secondary servers with one primary. When planning for large sites it is best to consult with RSA System Engineer or RSA Professional Services most recent information on capacity planning.
It is estimated that approximately 1/3 of the work made by the secondary servers will be duplicated on the primary server (modules, table aggregation, etc). This was observed empirically.
So if all agents are split 50/50 between Primary, and a Secondary, the Primary has 66.6% of the initial load (50 + 16.6) = (50 + 50/3). In the case of small environments, the final ratio might be even bigger, something like 75% of the load on the Primary.
Even with no Agents on the Secondary Server, there will be a minor impact to the Primary to maintain updates to the Secondary.
Server Discovery Mode:
Nearest Server is based on the best ping response from all ECAT Servers.
Fair Distribution tries to spread the Agents between all ECAT Servers.