Configure a distributed architecture

This section describes how to configure an ASMS distributed architecture, supported only on VMs or AlgoSec Hardware Appliances.

Note: This section does not refer to AutoDiscovery Remote Agents. For more information about AutoDiscovery Remote Agents, see Deploy AutoDiscovery.

Note: ASMS also supports high availability (HA) distributions.

For more details, see Deploy clusters and distributed architectures and Manage clusters.

Overview of ASMS Distributed Architecture Processes

By distributing tasks and resources across multiple nodes, the ASMS system can handle increased workloads, recover from individual component failures, and distribute tasks evenly to prevent overloading of a single node. The central manager oversees four primary processes:

  • Data Collection

  • Syslog Collection

  • Monitoring

  • Analysis

These processes can be spread across Remote Agents or Load Distribution Units, as shown in the following table.

AFA Process | Central Manager | Remote Agent | Load Distribution Unit

Data Collection: *

Syslog collection: ** Can be configured

Monitoring

Analysis

* Connectivity from the slave host to the onboarded devices must be configured exactly as it is on the CM. (Optionally, the data collection functionality can be disabled. In this case, the CM performs data collection. Note that this degrades performance. See the Advanced Configuration parameter Data_Collection_Slaves.)

** To collect syslog on the Remote Agent, see the Advanced Configuration parameter SharedSyslogConfigRAs.

Configure load distribution

ASMS load distributions have a single Central Manager and one or more Load Units, all in the same geographical location. Analysis and monitoring for each device are assigned to, and processed by, a specified Load Unit. All Load Units run these processes in parallel and send results back to the Central Manager.

Reports are stored on the Master Appliance only. Additionally, access the AFA web interface via the address of the Master Appliance only.

Do the following:

  1. Log in to AFA from the appliance you want to define as the Master Appliance. For details, see Logins and other basics.
  2. Enable distributed processes. For details, see Enabling distributed processing.
  3. In AFA, add each Load Unit, and then add the new IP addresses to the AFA database. For details, see Add or edit Load Units.
  4. Enable connectivity from the slave host to each onboarded device exactly as it is configured for the CM (communication, permissions, keys, etc.).

Maximum concurrent analysis and query processes

The maximum number of concurrently running analysis and query processes is equal to the total number of CPU cores on all Load Units together.

View the status of each analysis and the Load Unit it's running on, in the Analysis Status page in AFA. To view this, click the Analysis Status button next to the user menu.

Minimum and maximum numbers of Load Units

When distributed processing is enabled, a Load Unit is automatically added to the Central Manager, and half of the Central Manager's cores are used to run analysis and queries.

For example, if the Central Manager has 8 cores, 4 of them will be used for the Load Unit.


Configure geographic distribution

ASMS geographic distribution configurations have a Central Manager appliance in one location, and several Remote Agent appliances in other locations. Remote Agents manage and collect data from any devices local to their locations, and send all data to the Central Manager.

The Central Manager manages the Remote Agents, and can also act as a Remote Agent for any co-located devices.

Reports are stored on the Central Manager only. Additionally, access the AFA web interface via the address of the Central Manager.

Do the following:

  1. Log in to AFA from the appliance you want to define as the Central Manager. For details, see Logins and other basics.
  2. Enable distributed processes. For details, see Enabling distributed processing.
  3. In AFA, add each Remote Agent appliance. For details, see Add or edit Remote Agents.

Note: ASMS also supports high availability configurations for remote agents. Upon failover, the master remains connected to the cluster node that is currently active. For more details, see Manage clusters.

Note: Two devices in the same AFA environment that are managed by different Remote Agents cannot have the same name.
