You use the Security Analytics service to access all the services and data in your SA deployment. In addition, the SA Service incorporates underlying packages and capabilities (updates, licensing, Trust Model, as so on) which means that a single SA service governs your entire SA deployment. If this service fails, you cannot connect to the appliances and services from this the SA service requiring you to migrate the overall service governance to another SA Service. You can leverage multiple SA services to minimize risk of a single point of failure in your deployment.
Multiple SA Deployment
If you deploy multiple Security Analytics services, you must determine which SA service is the Primary SA and which SA service or services are the Secondary SA services.
Primary SA Service
The Primary SA service has all the functionally including:
- Fully functional Appliances view including the Updates column.
- Access to Health & Well views.
- Full use of the trusted connections feature.
Secondary SA Service
Secondary SA services can be offline and online mode. Users can connect to SA through a secondary SA service even if it is has not be designated as the primary SA service.
A Secondary SA has the following limitations:
- The Updates column on the Hosts view is valid for the Primary SA exclusively. It reflects the wrong status for a Secondary SA so you must not click it.
- You cannot use the Health & Wellness views.
- You cannot use the trusted connections feature.