Versions Compared

Old Version 15

changes.mady.by.user jorge.rueda

Saved on

compared with

New Version Current

changes.mady.by.user Steve Challans

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info
titleSnare Central - Minimum Hardware Requirements
  • A 64-bit x86 compatible CPU (eg: Pentium Core I5, AMD64), preferably with two cores or more.
  • 500GB 550GB of hard disk space or more if additional memory is added as it will affect the disk space allocations and swap space usage. The physical drives should be recognized by the operating system as either IDE, SATA, Fibre Channel SAN or SCSI. Hardware RAID may be used, as long as the RAID controller is capable of either emulating normal IDE/SATA/SCSI protocols, or has a supported driver available in Snare.
  • 2 8 GB RAM minimum, 4GB 16GB recommended or more. If using Snare Analytics dashboards then add another 16-32 GB of memory. 
  • A 100 megabit, or (preferably) a 1000 megabit (1 Gigabit) network card.

  • Keyboard, mouse and monitor as appropriate. 


This configuration may also be appropriate for sites with a medium number of source systems, that just want to use Snare Central for the reflector functionality, and do not require any local reporting or data analysis. Reflector-only sites with high volumes of incoming data, or a count of source agents that is in the upper quarter of the 'larger configuration' maximum, may need to increase the CPU, disk and memory capacity to cope with the additional load.

...

Info
titleSnare Central- Small Configurations

Small environment up to 500 systems (<= 1,000 EPS)

  • A 64-bit x86 compatible CPU (eg: Pentium Core I7, Xeon), preferably with four (4) cores (8 virtual cpu's) or more.
  • 1TB of hard disk space or more. These should be recognized by the operating system as either IDE, SATA, Fibre Channel SAN or SCSI. Hardware RAID is recommended, as long as the RAID controller is capable of either emulating normal IDE/SATA/SCSI protocols, or has a supported driver available in Snare.
  • 16 GB RAM minimum, 32 GB RAM or more depending on the reporting needs of the system. If using Snare Analytics dashboards then add another 16-32 GB of memory. 
  • A 100 megabit, or (preferably) a 1000 megabit (1 Gigabit) network card.

  • Keyboard, mouse and monitor as appropriate. 

For large to very large environments please contact your Snare Sales representative.


Info
titleSnare Central- Moderate Configurations

Moderate environment up to 2,000 systems (<= 5,000 EPS)

  • A 64-bit x86 compatible CPU (eg: Xeon), preferably with eight (8) cores (16 virtual cpu's) or more.
  • 1-2TB of hard disk space or more, it will depend on the data retention needs. These should be recognized by the operating system as either IDE, SATA, Fibre Channel SAN or SCSI. Hardware RAID is recommended, as long as the RAID controller is capable of either emulating normal IDE/SATA/SCSI protocols, or has a supported driver available in Snare.
  • 32 GB RAM minimum, 64 GB RAM or more depending on the reporting needs of the system. If using Snare Analytics dashboards then add another 16-32 GB of memory. 
  • A 100 megabit, or (preferably) a 1000 megabit (1 Gigabit) network card.

  • Keyboard, mouse and monitor as appropriate. 

For large to very large environments please contact your Snare Sales representative.


Info
titleSnare Central- Moderate- Larger Large Configurations

Larger environment up to 5,000 systems (<= 10,000 EPS)

  • A 64-bit x86 compatible CPU (eg: Xeon), preferably with twelve (12) cores (24 virtual cpu's) or more.
  • 5-10TB of hard disk space or more depending on the data retention needs. These should be recognized by the operating system as either IDE, SATA, Fibre Channel SAN or SCSI. Hardware RAID is recommended, as long as the RAID controller is capable of either emulating normal IDE/SATA/SCSI protocols, or has a supported driver available in Snare. For larger environments the disk speed becomes more critical so fast disk subsystems can be essential. The usage of fast fibre channel, SSD, NVME/flash disk storage systems maybe required to keep up with the IO demands on the system. 
  • 64 GB RAM minimum, 128 GB RAM or more depending on the reporting needs of the system. If using Snare Analytics dashboards then add another 16-32 GB of memory. 
  • A 100 megabit, or (preferably) a 1000 megabit (1 Gigabit) network card.

  • Keyboard, mouse and monitor as appropriate. 


Info
titleSnare Central- Larger Configurations

Larger environment up to <= 25,000 EPS

  • A 64-bit x86 compatible CPU (eg: Xeon), preferably with sixteen(16) cores (32 virtual cpu's) or more. If the system has high load average more than the number of CPUs and reports or log collection are taking to long then consider adding more CPUs.
  • 20TB of hard disk space or more depending on the data retention needs. These should be recognized by the operating system as either IDE, SATA, Fibre Channel SAN or SCSI. Hardware RAID is recommended, as long as the RAID controller is capable of either emulating normal IDE/SATA/SCSI protocols, or has a supported driver available in Snare. For larger environments the disk speed becomes more critical so fast disk subsystems can be essential. The usage of fast fibre channel, SSD, NVME/flash disk storage systems maybe required to keep up with the IO demands on the system. 
  • 256 GB RAM minimum, 384GB RAM or more depending on the reporting needs of the system. If using Snare Analytics dashboards then add another 16-32 GB of memory.
  • A 1000 megabit (1 Gigabit) network card or more for log collection.

  • Keyboard, mouse and monitor as appropriate. 


For large to very large environments please contact your Snare Sales representative.

...

Info
titleSnare Central - Snare Advanced Analytics

A Snare Advanced Analytics installation dashboards will generally require more resources than a baseline Snare Central install.

The following additions should me made to any baseline installation:

  • Add 8-32 gigabytes of RAM to provide ElasticSearch the backend with appropriate memory.

  • Triple your predicted hard-drive space.

    • In general, ElasticSearch requires approximately 10x the disk space for storage, for the same source data, when compared to Snare Central.
    • However, only a limited subset of high-value events are generally pushed to the Elastic Server by the Snare collection subsystem, and regular event rotation is used, which reduces the total recommended space requirements.

...