Novell SENTINEL 6.1 SP2 - INSTALLATION GUIDE 02-2010 Installation Manual page 22

- Available hardware
- Preferred operating systems
- Plans for future scalability
- Amount of event filtering expected
- Local data retention policies
- Desired number and complexity of correlation rules
- Expected number of incidents per day
- Expected number of workflows to be managed per day
- Number of users logging in to the system
- Vulnerability and asset infrastructure

The most significant factor in the Sentinel system design is the event rate; almost every component
of the Sentinel architecture is affected by increasing event rates. In a high-event-rate environment,
the greatest demand is placed on the database, which is I/O-dependent and might be simultaneously
handling inserts of hundreds or thousands of events per second, object creation by multiple users,
workflow process updates, simple historical queries from the Sentinel Control Center, and long-term
reports from the Crystal Reports Server. Therefore, Novell makes the following recommendations:

- The database should be installed without any other Sentinel components.
- The database server should be dedicated to Sentinel operations. Additional applications or
  Extract Transform Load (ETL) processes might impact database performance.
- The database server should have a high-speed storage array that meets the I/O requirements
  based on the event insertion rates.
- A dedicated database administrator should regularly evaluate and maintain the following
  aspects of the database:
    - Size
    - I/O operations
    - Disk space
    - Memory
    - Indexing
    - Transaction logs

In low-event-rate environments (for example, EPS < 25), these recommendations can be relaxed,
because the database and other components use fewer resources.
This section includes some general hardware recommendations as guidance for Sentinel system
design. In general, design recommendations are based on event rate ranges. However, these
recommendations are based on the following assumptions:

- The event rate is at the high end of the EPS range.
- The average event size is 600 bytes.
- All events are stored in the database (that is, there are no filters to drop events).
- Thirty days' worth of data is stored online in the database.
- Storage space for Advisor data is not included in the specifications mentioned in the tables later
  in this section.
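
The following Python sketch is an added example, not part of Novell's guide: it profiles a captured event sample and checks it against the assumptions listed above (600-byte average event, 30 days online, no filtering, relaxation below 25 EPS). The sample data, the function names, and the choice to size on the peak per-second rate are assumptions of this example, and the result covers raw event payload only, not indexes, transaction logs, or Advisor data.

```python
from collections import Counter
from datetime import datetime

# Values stated in the guide's assumptions.
ASSUMED_EVENT_BYTES = 600   # average event size
RETENTION_DAYS = 30         # days of data kept online in the database
LOW_EPS_THRESHOLD = 25      # below this, the recommendations can be relaxed

# Constructed sample (timestamp, raw event); not real Sentinel data.
SAMPLE = [(f"2010-02-01T10:00:0{sec}", "x" * size) for sec, size in
          [(0, 500), (0, 700), (1, 900), (1, 900),
           (1, 800), (1, 1000), (2, 600), (2, 1000)]]

def profile(events):
    """Return (average EPS, peak EPS, average event size in bytes)."""
    per_second = Counter(datetime.fromisoformat(ts).replace(microsecond=0)
                         for ts, _ in events)
    # Inclusive span, so a one-second capture counts as one second.
    span = (max(per_second) - min(per_second)).total_seconds() + 1
    avg_bytes = sum(len(raw.encode("utf-8")) for _, raw in events) / len(events)
    return len(events) / span, max(per_second.values()), avg_bytes

def online_event_bytes(eps, avg_event_bytes=ASSUMED_EVENT_BYTES,
                       retention_days=RETENTION_DAYS, stored_fraction=1.0):
    """Raw event payload held online; stored_fraction=1.0 means no filters."""
    return eps * avg_event_bytes * 86400 * retention_days * stored_fraction

def assess(events):
    """Compare a measured sample with the guide's sizing assumptions."""
    avg_eps, peak_eps, avg_bytes = profile(events)
    return {
        "avg_eps": avg_eps,
        "peak_eps": peak_eps,
        "avg_event_bytes": avg_bytes,
        # Sizing on the peak mirrors "high end of the EPS range" (assumption).
        "low_rate": peak_eps < LOW_EPS_THRESHOLD,
        "size_assumption_holds": avg_bytes <= ASSUMED_EVENT_BYTES,
        "guide_bytes": online_event_bytes(peak_eps),
        "measured_bytes": online_event_bytes(peak_eps, avg_bytes),
    }

if __name__ == "__main__":
    for key, value in assess(SAMPLE).items():
        print(f"{key}: {value}")
```

When `size_assumption_holds` is false, the hardware tables later in the section understate the storage needed for the measured event mix, so the gap between `measured_bytes` and `guide_bytes` should be added to the plan.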