André Henrique de O. Santos

Sizing VM Azure

Discussion created by André Henrique de O. Santos on Jul 15, 2020

I have a VM deployment scenario for logs and packets in Azure. I'm not able to design a scenario well to reflect on the correct implementation of this machine in Azure. If anyone can help me get an idea, I'd appreciate it.

 

  • Scenario for Logs:
    • VM Log Hybrid
    • Maximum 1000 EPS (or 50GB/day)
    • Maximum retention time of 3 days (raw data) and 7 days (metada)
    • How much will I need disk, memory and cpu?
    • What better family for this implementation (BS2, D4S, E4S, et.al.....)?

 

  • Scenario for Network (still in preview):
    • VM Network Hybrid or VM Network (Decoder and Concentrator)
    • Maximum retention time of 3 days
    • How much will I need disk, memory and cpu?
    • What better family for this implementation?
    • Considering this 60% retention and utilization time, how much maximum traffic per day can I support?

 

By way of example, I came up with the following drawing

Function

Memory

Disk

IOPS

Processor

Network

Network Decoder

16GB

3,95 TB

(SSD/SAS/HDD)

200

(50 read / 150 write)

4 vCPUs

x1 vNIC Managed Mode

x1 vNIC Promiscue Mode

Network Concentrator

16GB

2,25 TB (SSD)

3.120

(150 read / 2970 write)

4 vCPUs

x1 vNIC Managed Mode

Log Hybrid

32GB

2,0 TB (SSD/SAS/HDD)

3.350

(250 read / 3100 write)

4 vCPUs

x1 vNIC Managed Mode

 

What do you think of this sizing plan? In Azure, view this families:

  • Net Decoder: D4s_v3 - 4vCPU, 16GB RAM, 6400 IOPS - S50 (4TB disk - 500 IOPS)
  • Net Concentrator: D4s_v3 - 4vCPU, 16GB RAM, 6400 IOPS - P40 (2TB disk - 7500 IOPS)
  • Log Hybrid: E4s_v3 - 4vCPU, 32GB RAM, 6400 IOPS - P40 (2TB disk - 7500 IOPS)

 

 

azure netwitness azure microsoft azure

Outcomes