Deploying virtualized nodes? Possible solution for backup manager node. #13889
Replies: 2 comments
That should work, so long as only one of the Manager VMs is active at a time. Another option would be to run a Receiver node as part of the grid to provide a secondary data path from the Forward Nodes to the Search Nodes -- in that case, even if the Manager goes down, the data will continue to be ingested properly. I suppose the question is what exactly you need a backup for -- the Manager interface, or its function as part of the data pipeline.
I am working on a similar deployment with the same requirement for redundancy as you. I am using Hyper-V and all nodes are strictly VMs. Please track my other post relating to this Distributed Deployment. We are planning to get the support contract when we go live, but for now I just want to learn the ins and outs of the Distributed model and to troubleshoot when things go wrong. I know at the minimum the Manager Search Mode Installed worked. Currently my setup is Manager, Search, Receiver, Fleet - the issue I am facing is not getting data in SOC. Will see how this resolves.
Version
2.4.100
Installation Method
Security Onion ISO image
Description
installation
Installation Type
Distributed
Location
on-prem with Internet access
Hardware Specs
Exceeds minimum requirements
CPU
20
RAM
18GB
Storage for /
166G
Storage for /nsm
3.4TB
Network Traffic Collection
span port
Network Traffic Speeds
Less than 1Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
No, there are no failures
Logs
No, there are no additional clues
Detail
We plan on upgrading our current standalone box to a distributed system at the beginning of next year. Management has required redundancy in the system. Mostly for data (log/elastic, etc.). We are currently running our standalone in a KVM instance. Been solid like that for 5 years. Our company is big on having a backup (failover) device for everything. We run monthly exercises where we simulate one data center going down, and roll everything to our "backup" datacenter. To keep our management happy with this practice, I was thinking about using 2 physical servers (with local storage) and building the nodes to my solution in VMs.
I'm thinking of an architecture consisting of a manager node VM, storage node VM, and forward node VM on one KVM server. On the second box, I was thinking about a storage node VM for redundancy. I'm not sure if the current SO 2.4.110 supports replicas out of the box, but I think that's what I would want so I have 2 copies of all of my data. Does that part sound reasonable?
That leaves the issues of a backup for a forward node and manager. My thought was to use something like DRBD (between the physical boxes) to house the storage for those nodes. My thought is that if I can use something like DRBD, but ensure the VM is ONLY RUNNING ON ONE OF THE BOXES at a time, it may work. In other words, if my manager is running on "Server A" and the underlying storage is being replicated to "Server B". The manager on "Server B" is kept "POWERED OFF". When I wanted to swap to the "backup" manager, I could power it down on "Server A", before powering up on "Server B". This way, I have logically one manager with the same IPs, keys, MAC addresses, etc. I think this could be a solution with the backup "forward" node as well.
Does anyone have any suggestions why this would or would not work? How about a better solution? Remember, I want all of my data to be consistent at the end. A few minutes to stop/start a VM is acceptable to me. I actually think the forward node would just queue the data until a manager came back up.
Thanks for any help/suggestions.