I’ve had the luck to be involved in several large-scale Sentinel installations over the last few years. I’ve learned a few things that I think should be shared.
- You or your client must have a real support contract.
  - No, I’m not trying to boost sales; a number of times we’ve had to open a ticket for something that had to go to engineering. The latest was for an error: “Could not find leaf with id 3BB664CA-E8C5-1026-9D61-000D56BF9AF6”… Yeah, I don’t know what it means either. Neither did frontline support. A support contract is worth the money. Don’t skimp.
- Know how much data you generate and how much you need to store.
  - Both of these numbers are very important in determining how big your infrastructure needs to be and how much disk space you really need. Depending on who you speak with, you need a das_binary server for every 1500 events per second (EPS). The other part of the equation is space. Plan on 600kb per event. It adds up quickly. On a current project, they average 500 EPS. This in turn uses 5TB of disk space to store 45 days’ worth of data. This brings us to our next issue.
- Calculate the amount of disk space you’ll need, and then add at least 10 percent.
  - Disk space is cheap compared to your time. If you fill your DB, you will spend hours, if not days, trying to correct the issue. Trust me, having enough space for your data is probably one of the most important architecture decisions you will make. Oh, and yes, you really use that much space. We have a calculator that will give you the base sizing on our website. The calculator is based on figures provided in the installation guide; however, based on experience, double or triple the result to account for summaries and indexes. During a recent architecture meeting, our client estimated their event rate at 4500 EPS. They then stated that they wanted to keep one year online. Their space requirements came out to over 100TB. They scaled back to a more reasonable 90 days online.
- Know what your corporate, state and federal policies are. They have bearing on your requirements.
I hope this helps prepare you for your implementation. More nuggets to come.
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.