Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Appliance Requirements

 

Before you add a secondary appliance to your JSA host, you must review the hardware configuration differences between your primary and secondary appliances.

Appliances that you order as primary and secondary HA pairs are matched to ensure compatibility. However, replacing an appliance or adding HA to an older host with a different hardware configuration can lead to data replication issues. Data replication issues can occur when you replace end-of-life hardware or create primary and secondary HA pairs that have appliances from different manufacturers.

Partition requirements for /store

The combined size of the /store and /transient partitions on the secondary host must be equal to or larger than the /store partition on the primary host.

For example, do not pair a primary host that uses a 4 TB /store partition to a secondary host that has a 2 TB /store partition and a 1 TB /transient partition.

Storage Requirements

Follow these storage requirements when you replace an appliance:

  • Ensure that the replacement appliance includes storage capacity that is equal to or greater than the original hardware you replace, and be at least 130 gigabytes (GB).

  • Secondary replacement appliances can have larger storage capacity than the primary appliance. If so, partitions on the secondary are resized to match the storage capacity of the primary appliance when you configure the HA pair.

  • Primary replacement appliances can have larger storage capacity than the secondary appliance. If so, partitions on the primary are resized to match the storage capacity of the secondary appliance when you configure the HA pair.

  • If you replace both primary and secondary appliances, then the system resizes the storage partition that is based on the appliance with the smallest capacity.

Managed Interfaces

  • The primary host does not contain more physical interfaces than the secondary.

    If there is a failover, the network configuration of the primary is replicated to the secondary host. If the primary is configured with more interfaces, any additional interfaces cannot be replicated to the secondary during a failover.

  • The secondary host must use the same management interface as the primary HA host.

    If the primary HA host uses ens192, for example, as the management interface, the secondary HA host must also use ens192.

  • The management interface supports one cluster virtual IP address.

  • TCP port 7789 must be open and allow communication between the primary and secondary for Distributed Replicated Block Device (DRBD) traffic.

    DRBD traffic is responsible for disk replication and is bidirectional between the primary and secondary host.

  • You must ensure the JSA software version is identical between the primary and secondary host before you pair a primary to a secondary appliance for the first time.

    If the JSA version between your primary and secondary differ, you must patch either the primary or secondary appliance to ensure both appliances use the same software version.

    After the primary and secondary appliances are paired together, disk replication ensures that any additional software updates are also applied to the secondary.

Software and Virtual Appliance Requirements

If you use JSA software on virtual appliances, review the following requirements before you attempt to configure High-availability (HA).

System Requirements for Virtual Appliances

To ensure that JSA works correctly, ensure that virtual appliance that you use meets the minimum software and hardware requirements.

Your virtual appliance must have at least 256 GB of storage available. Before you install your virtual appliance, use the following formula to determine your storage needs:

(Number of Days) x (Seconds in a day) x (Events per second rate) x (Average size of a log event x 1.5 JSA normalized event overhead) x 1.05 / (1000 x 1000 x 1000) + 40 GB

The following table describes the minimum memory requirements for virtual appliances.

Table 1: Minimum and Suggested Memory Requirements for JSA Virtual Appliances

Appliance

Minimum memory requirement

Suggested memory requirement

Flow Processor Virtual

12 GB

48 GB

JSA Event Collector Virtual

12 GB

16 GB

JSA Event Processor Virtual

12 GB

48 GB

JSA Flow Processor Virtual

12 GB

48 GB

Virtual JSA All-in-One or Virtual JSA Console

24 GB

48 GB

Virtual JSA Log Manager

24 GB

48 GB

JSA Risk Manager

24 GB

48 GB

JSA Vulnerability Manager Processor

32 GB

32 GB

JSA Vulnerability Manager Scanner

16 GB

16 GB

The following table describes the minimum CPU requirements for virtual appliances.

Table 2: CPU Requirements for JSA Virtual Appliances

Appliance

Threshold

Minimum number of CPU cores

Suggested number of CPU cores

JSA Event Collector Virtual

2,500 EPS or less

4

16

5,000 EPS or less

8

16

20,000 EPS or less

16

16

JSA Event Processor Virtual

2,500 EPS or less

4

24

5,000 EPS or less

8

24

20,000 EPS or less

16

24

40,000 EPS or less

40

40

80,000 EPS or less

56

56

JSA Flow Processor Virtual

150,000 FPM or less

4

24

300,000 FPM or less

8

24

Virtual JSA All-in-One or Virtual JSA Console

25,000 Flows per minute (FPM) or less

500 EPS or less

4

24

50,000 FPM or less

1,000 EPS or less

8

24

100,000 FPM or less

1,000 EPS or less

12

24

200,000 FPM or less

5,000 EPS or less

16

24

Virtual JSA Log Manager

2,500 Events per second (EPS) or less

8

16

5,000 EPS or less

4

4

JSA Vulnerability Manager Processor

 

4

4

JSA Vulnerability Manager Scanner

 

4

4

JSA Risk Manager

 

8

8