Note: These recommendations were qualified for RSA Security Analytics 10.6.4. These recommendations can be used as a baseline for 11.1.0.0 and adjusted as needed.
Note: For a description of terms and abbreviations used in this topic, refer to Deployment Overview.
This topic contains the minimum Azure VM configuration settings recommended for the NetWitness Suite (NW) virtual stack components.
- VM:
- The recommended settings in the NetWitness Suite component VM tables below were calculated under the following conditions.
- Ingestion rates of 15,000 EPS were used.
- All the components were integrated.
- The Log stream included a Log Decoder, Concentrator, and Archiver.
- Incident Management was receiving alerts from the Reporting Engine and Event Stream Analysis.
- The background load included reports, charts, alerts, investigation, and incident management.
- The recommended settings in the NetWitness Suite component VM tables below were calculated under the following conditions.
- VHD (Storage)
Contact RSA Customer Support (https://community.rsa.com/docs/DOC-1294) for assistance on how to increase the number of volumes based on your the storage requirements using the RSA Sizing & Scoping Calculator.Note: For higher EPS rates, the Concentrator index volume must be allocated SSDs.
*Reporting Engine, Respond, and Health & Wellness can be co-located on NetWitness Server host.
Previous Topic:Deployment Overview
Next Topic:Deployment Rules and Checklist
You are here
Table of Contents > VM Configuration Recommendations