AnsweredAssumed Answered

RSA Security Analytics Licensing Storage Clarification

Question asked by Khwaja Zia ul Hasan on Aug 23, 2015


I am a little bit confused in the selection of devices, when preparing a BoM for RSA Security Analytics – Network Monitoring (Packets).

For example we have a client who has expected line rate of around 700Mbps and peak line rate of around 800Mbps. We need to give them a retention for 21 days.

If we calculate the Daily aggregate throughput in TBs’ it is 8.24TB per day.

For 21 days we need atleast (8.24 * 21) = 173.04TB storage.

If we go with the old licensing methodology and look at the AIO box it has internal capacity of 4.2TB and if we add external DAC as well of 32TB it has 28TB for packets i.e. it is going to be 32.2TB altogether. Since it is an AIO box, we can’t add another DAC with it. Similar is the case with Hybrid. So this means that we have to go with the distributed environment.


So if we now look at the BoM it is going to be somewhat like this:

Security Analytics Server

SA-S4H-AS Qty=01

Decoder Unit

SA-S4H-P-DEC Qty=01

Decoder Capacity

SA-DACHD-P (46TB HD DAC) Qty=04 (Because it is going to be 184TB fulfilling our requirement of 173.04TB)

Concentrator Unit


Concentrator Capacity

How is this going to be calculated


So basically what I want to know is that my BoM and my concept on this are correct or not? and what is the procedure to calculate the Concentrator capacity?


I hope I was able to convey my question.