Deployment Guide Overview

Document created by RSA Information Design and Development on Jul 21, 2016. Last modified by RSA Information Design and Development on Oct 13, 2016.
Version 5

This guide describes the basic requirements of a Security Analytics deployment and outlines optional scenarios to address the needs of your enterprise. You can use distributed networks to install Brokers, Concentrators, Decoders, and Log Decoders in diverse geographical locations before the Security Analytics Server is installed and brought online. Even in small networks, planning can ensure that all goes smoothly when you are ready to bring the hosts online.

There are many factors you must consider before you deploy Security Analytics. The following items are just some of these factors. You need to estimate growth and storage requirements when you consider these factors.

  • The size of your enterprise (that is, the number of locations and people that will use Security Analytics).
  • The volume of packets and logs you need to process.
  • The performance each Security Analytics user role needs to do their jobs effectively.
  • The prevention of downtime (that is, how to avoid a single point of failure).

Terminology Changes

The following terminology changes were made in 10.6 that affect this guide.

Security Analytics Server Host (SA host, SA appliance)

Note: Abbreviated to Security Analytics Server Host for messaging and in graphics where space is an issue.

Host on which the Security Analytics Server resides. The Security Analytics Server contains the User Interface and Service Management Service (SMS). When you are updating to a new version, the Security Analytics Server must be updated first. If you have a mixed-version Security Analytics deployment, the Security Analytics Server must have the latest version in your deployment.

Depending on your deployment, you may host the following services on the Security Analytics Server host in addition to the Security Analytics server and SMS:

  • Event Source Management
  • Reporting Engine
  • Malware Analysis
  • IPDBExtractor
  • Incident Management
  • Broker

non-Security Analytics Server host (non-SA host)

Any host in your Security Analytics deployment other than a Security Analytics Server Host. See Security Analytics Server Host.

Primary Security Analytics Server (Primary SA Host)

Security Analytics Server that you designate as primary. This is the Security Analytics Server host that you must update first in a multi-SA Server-host deployment. You use the Primary Security Analytics Server to monitor all the hosts in your Security Analytics deployment. See Multiple Security Analytics Server Deployment.

Secondary Security Analytics Server (Secondary SA Host)

Any Security Analytics Server not designated as primary in a multi-Security Analytics Server deployment. You must update Secondary Security Analytics Servers after you update the primary Security Analytics Server. Secondary Security Analytics Servers help you balance the Security Analytics load of activity to improve performance. Each Secondary Security Analytics Server manages a standalone subset of Security Analytics functionality (that is, services) to improve performance. See Multiple Security Analytics Server Deployment.

Note: Refer to the RSA Security Analytics Virtual Host Setup Guide for instructions on how to deploy Security Analytics hosts in a virtual environment.
