Azure: VM Configuration Recommendations

Note: For a description of terms and abbreviations used in this topic, refer to Deployment Overview.

This topic contains the minimum Azure VM configuration settings recommended for the NetWitness Platform (NW) virtual stack components.

• VM:
  • The recommended settings in the NetWitness Platform component VM tables below were calculated under the following conditions.
    • Ingestion rates of 15,000 EPS were used.
    • All the components were integrated.
    • The Log stream included a Log Decoder, Concentrator, and Archiver.
    • Incident Management was receiving alerts from the Reporting Engine and Event Stream Analysis.
    • The background load included reports, charts, alerts, investigation, and respond.

• Note: For higher EPS rates, the Concentrator index volume must be allocated SSDs.
  

  Azure Storage Recommendations

  The following table displays are the storage recommendations for NetWitness Azure VMs.

                                                                     

  Azure Image Type	Rate (EPS)	CPU (GB)	RAM (GB)	Instance Type (Azure Name)	Cache
  NW	Does not apply	16	112	Standard D14_v2	Read/ Write
  Log Decoder	15,000	32	128	Standard D32s_v3	Read/ Write
  Log Concentrator	15,000	16	112	Standard DS14_v2	Read/ Write
  Archiver	15,000	16	112	Standard D14_v2	Read/ Write
  ESA	15,000	20	140	Standard D15_v2	Read/ Write
  Log Collector	15,000	8	32	Standard D8s_v3	Read/ Write

The following table displayed the storage recommendations of volume group, folder, size, and disk type

Storage Recommendations - Volume Group, Folder, Size, and Disk Type (Contd..)

*Reporting Engine, Respond, and Health & Wellness can be co-located on NetWitness Server host.