Deployment / Options
DNIF deployment is easy, it is able to scale up or scale down based on the demands of the environment.
The DNIF platform by default comes to you as a soft appliance, which can be installed on any commodity hardware, virtual appliance or cloud infrastructure. It can be installed in a two stage process, one which includes installing the operating system and second that installs and configures the engine. Know more about the installation process at the getting started guide for DNIF.
Scaling your installation
You can seamlessly scale your DNIF installation up and down depending upon your requirement. An installation can be as small as a single instance or it could be a modularly scaled deployment that can continue to grow along with your data requirements. Here are three deployment styles available, but before you go further ensure you understand the core components of the platform as described in the architecture section. One can explore the different deployment options as described below:
A10 stands for All-in-One which includes all three (adapter, datastore and correlator) components required by the platform integrated into a single instance. The standalone deployment is great for small medium data requirements and is the default deployment model available for the free tier. All upgrades from the standalone deployment to the standard or enterprise deployment will require a full reinstall and migration, while the other models can easily be upgraded or extended.
The standard installation includes a single instance of each component making the deployment tiered and distributed. This deployment model can be scaled out by adding additional components to the cluster and growing the overall capacity of the installation. This model also allows you to distribute the components across locations to achieve shared or aggregated topologies. This is a great starting point for enterprise environment that will scale over time.
The enterprise deployment of the platform is a distributed extension of the standard deployment. Apart from being able to process large volume of data, the enterprise deployment also has redundancy built into each individual component, this ensures that the cluster will always auto heal on component failure by re-balancing the indexes. The enterprise deployment also has advanced infrastructure capabilities like replication and failover.
Multi-tenancy for service providers
Service providers often are required to become an aggregator for smaller customers and deliver analytics from a shared infrastructure, this without compromising the privacy between customers and their data. The DNIF platform is able to delivery this model where:
- Each customer is able to send data to a common infrastructure over an encrypted link
- All data is indexed and remains segregated within a common cluster of datastores.
- The service provider is able to view incidents and alerts from all customers in a single window
- Each customer is able to individually login to the console and search / query / report / visualize their data only.
- Customers can create users, run queries, execute reports without any restriction
Deployment / Architecture
DNIF was designed to support complex architectures, it has the capability to quickly deploy simple single location environments while also being able to scale out to complex service provider scenarios without compromising on the features or the capability of the platform.
On Premise Deployment
Customers requiring to aggregate and process events without having to transmit data to a third party location (or provider) are required to have an on premise (on-prem) deployment.
DNIF is able to provide a configuration where all components are installed within the infrastructure and the analysts are able to process data locally. This on-prem solution could be either a standalone, standard or enterprise deployment (see Deployment Options for different configurations).
A similar setup could also be ported to a public or private cloud. The on-prem architecture provides an unrestricted environment that you can control.
In many cases you would like to aggregate your data to a central location, maybe your datacenter or your analytics hub. In these situations you would like to keep deployments light on the remote (branch) locations, while shipping log events to the central hub.
DNIF has the capability to aggregate data across multiple adapters and index data into a single datastore. All the data can be made available under a single scope or be indexed under multiple scopes. Irrespective of the indexing configuration, all the data can be analyzed from a single console window.
Enterprise environments that are spread across multiple geographical locations require to aggregate data locally while searching and analyzing data at a central operations center.
DNIF enables you to aggregate data from multiple locations (deployments) into a single operations console. The subscription model also allows you to deploy multiple datastore without having to worry about unit cost of correlation engines. Each branch location can be deployed as standalone, standard or enterprise deployments options, allowing it to scale down or up depending upon the data requirements of the environment.
The operations staff must have direct access to the datastore (or A10 device) in order to fetch data to the screen. This model is also an ideal option for Managed Service Providers (MSP) where a shared operations team could remotely monitor multiple customers using a single window. This model also helps customers retain data on-premise which is a key compliance requirement.
MSPs and infrastructure providers who would like to offer analytics as a cloud service need a platform that can host multiple customers on a single infrastructure. Data access requirements can vary for different providers, some cases require each customer to have individual access to their data while in some cases the MSP is required to provide a central operations center across customers.
DNIF is able to deploy multi-tenant architectures that enables providers to setup cloud models that have the following features:
- The service provider can have a single console across customers
- Each customer can have individual console access being able to search, analyze, correlate, visualize and report on only their data
- The MSP can have billing setup for individual customers
- Each customer can apply custom rules, dashboards and reports
- The MSP can sync common rules, reports and dashboards across customers