AWS Instance Configuration Recommendations

Document created by RSA Information Design and Development on Jul 27, 2017. Last modified by RSA Information Design and Development on Aug 30, 2017.
Version 6

Note: For a description of terms and abbreviations used in this topic, refer to Abbreviations and Other Terminology Used in this Guide.

This topic contains the minimum AWS instance configuration settings recommended for the Security Analytics (SA) virtual stack components.

  • EC2 Instance:

    • Minimum instance type - m4.xlarge is the minimum instance type that any SA component AMI requires in order to function.
    • Instance type adjustments - you must adjust instance types according to your ingestion rate, content and parsers, dashboard reports, scheduled reports, investigations, and active users.
    • Recommended settings - the recommended settings in the SA component instance tables below were calculated under the following conditions.
      • Ingestion rates of 15,000 EPS and 1.5 Gbps were used.
      • All the components were integrated.
      • The Log Stream included a Log Decoder, Concentrator, and Archiver.
      • The Packet Stream included a Packet Decoder and Concentrator.
      • Incident Management was receiving alerts from the Reporting Engine and Event Stream Analysis.
      • The background load included reports, charts, alerts, investigation, and incident management.
  • EBS Volumes (Storage)

    Contact RSA Customer Support (https://community.rsa.com/docs/DOC-1294) for assistance on how to increase the number of volumes based on your storage requirements using the RSA Sizing & Scoping Calculator.

    Note: The Concentrator index volume must be allocated on Provisioned IOPS SSD.

    • Index
    • Meta
    • Session
    • Packet

Archiver

                                    
EC2 Instance

| EPS | Instance Type | Enhanced Networking Enabled | Tenancy Type - Dedicated - Run a Dedicated Instance |
|---|---|---|---|
| 5,000 | m4.xlarge; No of CPU: 4; Memory: 16 GB | No | Yes |
| 10,000 | m4.2xlarge; No of CPU: 8; Memory: 32 GB | No | Yes |
| 15,000 | m4.4xlarge; No of CPU: 16; Memory: 64 GB | No | Yes |

EBS Volumes (Storage)

| Volumes | Device | Volume Type | IOPS/Baseline Throughput |
|---|---|---|---|
| / (root) | /dev/sda1 | General Purpose SSD | N/A |
| usr,var,opt,home,tmp | /dev/sdf | General Purpose SSD | N/A |
| archiver | /dev/sdg | Throughput Optimized HDD | 240 MB/s |
| workbench | /dev/sdh | Throughput Optimized HDD | N/A |

Broker

                     
EC2 Instance

| Instance Type | Enhanced Networking Enabled | Tenancy Type - Dedicated - Run a Dedicated Instance |
|---|---|---|
| m4.xlarge; No of CPU: 4; Memory: 16 GB | No | Yes |

EBS Volumes (Storage)

| Volumes | Device | Volume Type | IOPS/Baseline Throughput |
|---|---|---|---|
| / (root) | /dev/sda1 | General Purpose SSD | N/A |
| usr,var,opt,home,tmp | /dev/sdf | General Purpose SSD | N/A |
| broker | /dev/sdg | General Purpose SSD | N/A |

Concentrator - Log Stream

                                    
EC2 Instance

| EPS | Instance Type | Enhanced Networking Enabled | Tenancy Type - Dedicated - Run a Dedicated Instance |
|---|---|---|---|
| 5,000 | m4.xlarge; No of CPU: 4; Memory: 16 GB | No | Yes |
| 10,000 | m4.2xlarge; No of CPU: 8; Memory: 32 GB | No | Yes |
| 15,000 | m4.4xlarge; No of CPU: 16; Memory: 64 GB | No | Yes |

EBS Volumes (Storage)

| Volumes | Device | Volume Type | IOPS/Baseline Throughput |
|---|---|---|---|
| / (root) | /dev/sda1 | General Purpose SSD | N/A |
| usr,var,opt,home,tmp | /dev/sdf | General Purpose SSD | N/A |
| index,session | /dev/sdg | Provisioned IOPS | 10,000 |
| metadb | /dev/sdh | Throughput Optimized HDD | 240 MB/s |
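
The following is an added example, not RSA code: a pre-launch check that compares a RunInstances-style request with the Concentrator - Log Stream rows in this section. The function name check_concentrator and the sample request are hypothetical; the API volume type names gp2, io1 and st1 stand for General Purpose SSD, Provisioned IOPS SSD and Throughput Optimized HDD.

```python
# Added example; check_concentrator and the sample spec are hypothetical.
# EBS API names: gp2 = General Purpose SSD, io1 = Provisioned IOPS SSD,
# st1 = Throughput Optimized HDD.
TIERS = [(5000, "m4.xlarge"), (10000, "m4.2xlarge"), (15000, "m4.4xlarge")]
SIZES = [name for _, name in TIERS]          # smallest to largest
VOLUMES = {                                  # device -> (type, minimum IOPS)
    "/dev/sda1": ("gp2", None),              # / (root)
    "/dev/sdf": ("gp2", None),               # usr,var,opt,home,tmp
    "/dev/sdg": ("io1", 10000),              # index,session
    "/dev/sdh": ("st1", None),               # metadb
}

def check_concentrator(spec, eps):
    """Compare a RunInstances-style request dict with the table rows."""
    want = next((name for limit, name in TIERS if eps <= limit), None)
    if want is None:
        return [f"{eps} EPS is above the largest documented tier"]
    findings = []
    got = spec.get("InstanceType")
    if got not in SIZES:
        findings.append(f"instance type {got} is not in the table; size it manually")
    elif SIZES.index(got) < SIZES.index(want):
        findings.append(f"instance type {got} is below {want} for {eps} EPS")
    if spec.get("Placement", {}).get("Tenancy") != "dedicated":
        findings.append("tenancy is not dedicated")
    mapped = {m["DeviceName"]: m.get("Ebs", {})
              for m in spec.get("BlockDeviceMappings", [])}
    for device, (vol_type, min_iops) in VOLUMES.items():
        ebs = mapped.get(device)
        if ebs is None:
            findings.append(f"{device}: volume missing")
        elif ebs.get("VolumeType") != vol_type:
            findings.append(f"{device}: type {ebs.get('VolumeType')}, expected {vol_type}")
        elif min_iops and ebs.get("Iops", 0) < min_iops:
            findings.append(f"{device}: {ebs.get('Iops', 0)} IOPS, expected {min_iops}")
    return findings

# Constructed request for a 10,000 EPS Concentrator with four deviations.
SAMPLE = {
    "InstanceType": "m4.xlarge",
    "Placement": {"Tenancy": "default"},
    "BlockDeviceMappings": [
        {"DeviceName": "/dev/sda1", "Ebs": {"VolumeType": "gp2"}},
        {"DeviceName": "/dev/sdg", "Ebs": {"VolumeType": "gp2"}},
        {"DeviceName": "/dev/sdh", "Ebs": {"VolumeType": "st1"}},
    ],
}

if __name__ == "__main__":
    for finding in check_concentrator(SAMPLE, 10000):
        print(finding)
```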

Packet Stream Solutions

Concentrator - Gigamon Solution

                                    
EC2 Instance

| Mbps/Gbps | Instance Type | Enhanced Networking Enabled | Tenancy Type - Dedicated - Run a Dedicated Instance |
|---|---|---|---|
| 500 Mbps | c4.4xlarge; No of CPU: 16; Memory: 30 GB | No | Yes |
| 1,000 Mbps | c4.8xlarge; No of CPU: 36; Memory: 60 GB | No | Yes |
| 1.5 Gbps | m4.10xlarge; No of CPU: 40; Memory: 160 GB | No | Yes |

EBS Volumes (Storage)

| Volumes | Device | Volume Type | IOPS/Baseline Throughput |
|---|---|---|---|
| / (root) | /dev/sda1 | General Purpose SSD | N/A |
| usr,var,opt,home,tmp | /dev/sdf | General Purpose SSD | N/A |
| index,session | /dev/sdg | Provisioned IOPS | 15,000 |
| metadb | /dev/sdh | Throughput Optimized HDD | 240 MB/s |

Decoder - Gigamon Solution

                                    
EC2 Instance

| Mbps/Gbps | Instance Type | Enhanced Networking Enabled | Tenancy Type - Dedicated - Run a Dedicated Instance |
|---|---|---|---|
| 500 Mbps | c4.2xlarge; No of CPU: 8; Memory: 15 GB | Yes | Yes |
| 1000 Mbps | c4.4xlarge; No of CPU: 16; Memory: 30 GB | Yes | Yes |
| 1.5 Gbps | c4.8xlarge; No of CPU: 36; Memory: 60 GB | Yes | Yes |

EBS Volumes (Storage)

| Volumes | Device | Volume Type | IOPS/Baseline Throughput |
|---|---|---|---|
| / (root) | /dev/sda1 | General Purpose SSD | N/A |
| usr,var,opt,home,tmp | /dev/sdf | General Purpose SSD | N/A |
| index,session,meta | /dev/sdg | Throughput Optimized HDD | 240 MB/s |
| packet | /dev/sdh | Throughput Optimized HDD | 240 MB/s |

Concentrator - Ixia Solution

To be updated when Ixia performance testing is complete.

Decoder - Ixia Solution

To be updated when Ixia performance testing is complete.

ESA and Context Hub on Mongo Database

                                     
EC2 Instance

| EPS | Instance Type | Enhanced Networking Enabled | Tenancy Type - Dedicated - Run a Dedicated Instance |
|---|---|---|---|
| 9,000 | m4.2xlarge; No of CPU: 8; Memory: 32 GB | No | Yes |
| 18,000 | r4.2xlarge; No of CPU: 8; Memory: 61 GB | No | Yes |
| 30,000 Aggregation Rate | r4.4xlarge; No of CPU: 16; Memory: 122 GB | No | Yes |

EBS Volumes (Storage)

| Volumes | Device | Volume Type | IOPS/Baseline Throughput |
|---|---|---|---|
| / (root) | /dev/sda1 | General Purpose SSD | N/A |
| usr,var,opt,home,tmp | /dev/sdf | General Purpose SSD | N/A |
| apps (/opt/rsa) | /dev/sdg | General Purpose SSD | N/A |

Log Collector (Syslog, Netflow, and File Collection Protocols)

                        
EC2 Instance

| EPS | Instance Type | Enhanced Networking Enabled | Tenancy Type - Dedicated - Run a Dedicated Instance |
|---|---|---|---|
| 30,000 NON SSL | c4.2xlarge; No of CPU: 8; Memory: 15 GB | No | Yes |

EBS Volumes (Storage)

| Volumes | Device | Volume Type | IOPS/Baseline Throughput |
|---|---|---|---|
| / (root) | /dev/sda1 | General Purpose SSD | N/A |
| usr,var,opt,home,tmp | /dev/sdf | General Purpose SSD | N/A |
| logcollector | /dev/sdg | General Purpose SSD | N/A |

Log Decoder

                                    
EC2 Instance

| EPS | Instance Type | Enhanced Networking Enabled | Tenancy Type - Dedicated - Run a Dedicated Instance |
|---|---|---|---|
| 5,000 | c4.2xlarge; No of CPU: 8; Memory: 15 GB | Yes | Yes |
| 10,000 | c4.4xlarge; No of CPU: 16; Memory: 30 GB | Yes | Yes |
| 15,000 | c4.8xlarge; No of CPU: 36; Memory: 60 GB | Yes | Yes |

EBS Volumes (Storage)

| Volumes | Device | Volume Type | IOPS/Baseline Throughput |
|---|---|---|---|
| / (root) | /dev/sda1 | General Purpose SSD | N/A |
| usr,var,opt,home,tmp | /dev/sdf | General Purpose SSD | N/A |
| index,session,meta | /dev/sdg | Throughput Optimized HDD | 240 MB/s |
| packet | /dev/sdh | Throughput Optimized HDD | 240 MB/s |

Security Analytics Server, Reporting Engine, Incident Management and Health & Wellness

                          
EC2 Instance

| Instance Type | Enhanced Networking Enabled | Tenancy Type - Dedicated - Run a Dedicated Instance |
|---|---|---|
| m4.2xlarge; No of CPU: 8; Memory: 32 GB | No | Yes |
| m4.4xlarge; No of CPU: 16; Memory: 64 GB | No | Yes |

EBS Volumes (Storage)

| Volumes | Device | Volume Type | IOPS/Baseline Throughput |
|---|---|---|---|
| / (root) | /dev/sda1 | General Purpose SSD | N/A |
| usr,var,opt,home,tmp | /dev/sdf | General Purpose SSD | N/A |
| uax,ipdb | /dev/sdg | General Purpose SSD | N/A |
| redb,rehome | /dev/sdh | General Purpose SSD | N/A |