Azure: VM Configuration Recommendations

Document created by RSA Information Design and Development on Feb 2, 2018Last modified by RSA Information Design and Development on Mar 30, 2018
Version 2Show Document
  • View in full screen mode
 

Note: These recommendations were qualified for RSA Security Analytics 10.6.4. These recommendations can be used as a baseline for 11.1.0.0 and adjusted as needed.

Note: For a description of terms and abbreviations used in this topic, refer to Deployment Overview.

This topic contains the minimum Azure VM configuration settings recommended for the NetWitness Suite (NW) virtual stack components.

  • VM:
    • The recommended settings in the NetWitness Suite component VM tables below were calculated under the following conditions.
      • Ingestion rates of 15,000 EPS were used.
      • All the components were integrated.
      • The Log stream included a Log Decoder, Concentrator, and Archiver.
      • Incident Management was receiving alerts from the Reporting Engine and Event Stream Analysis.
      • The background load included reports, charts, alerts, investigation, and incident management.
  • VHD (Storage)
    Contact RSA Customer Support (https://community.rsa.com/docs/DOC-1294) for assistance on how to increase the number of volumes based on your the storage requirements using the RSA Sizing & Scoping Calculator.

    Note: For higher EPS rates, the Concentrator index volume must be allocated SSDs.

                                                            
VM Sizing
ComponentEPSComputeVM Size
Archiver15,000No of CPU: 16
Memory: 112 GB
Standard D14 v2
Broker15,000No of CPU: 4
Memory: 14 GB
Standard DS3 v2
Concentrator15,000No of CPU: 16
Memory: 112 GB
Standard DS14 v2
ESA and Context Hub15,000No of CPU: 20
Memory: 140 GB
Standard D15 v2
Log Collector15,000 NON SSLNo of CPU: 8
Memory: 16 GB
Standard F8
Log Decoder15,000No of CPU: 16
Memory: 112 GB
Standard D14 v2
NW Server*15,000No of CPU: 16
Memory: 112 GB
Standard D14 v2

*Reporting Engine, Respond, and Health & Wellness can be co-located on NetWitness Server host.

Previous Topic:Deployment Overview
You are here
Table of Contents > VM Configuration Recommendations

Attachments

    Outcomes