Supervisor with Collectors Deployment for Enterprises

There are two cases where a single Supervisor may not be enough for your deployment.

There are monitored devices behind a firewall that will not allow monitoring protocols like Windows Management Instrumentation (WMI) to be used from the Supervisor.

The Supervisor can only reach the monitored devices through a high-latency network like a Wide Area Network (WAN), in which case monitoring protocols like Simple Network Management Protocol (SNMP) or WMI do not work well.

In these cases you can deploy Collectors to monitor the devices, and they will communicate with the Supervisor over HTTP(S). The Collectors communicate with the devices, collect and parse events and logs, compress them, and then send them to the Supervisor for monitoring and analysis. Collectors can also buffer the events in case transmission to the Supervisor is interrupted. As shown in the diagrams, you can use Collectors in a deployment with a single Supervisor, or in a deployment that also includes Workers.

An AccelOps deployment with a single Supervisor and Collectors

An AccelOps deployment using a Single Supervisor + 2 Workers + 2 Collectors

Matrix of Enterprise Deployment Configuration Options

This matrix shows the components required for each enterprise deployment option.

| Deployment Option | Supervisor Node | Worker Node | Collector Node | NFS Server | Report Server | Visual Analytics Server | Description |
|---|---|---|---|---|---|---|---|
| Single Supervisor Node | x | | | | | | This is the most basic single site enterprise deployment. |
| Supervisor Node with Collectors | x | | x | | | | This is also an enterprise deployment covering multiple sites. Data collection is simplified by deploying a collector for the satellite sites. |
| Enterprise Cluster | x | x | | x | | | This is the scalable enterprise deployment. An NFS Server is required in the data sharing architecture between Supervisor and Worker nodes. |
| Enterprise Cluster with Collectors | x | x | x | x | | | This deployment adds collectors to the mix and is the most comprehensive enterprise deployment. |
| Supervisor Node with Tableau Visual Analytics | x | | | | x | x | This is the most basic single node enterprise deployment, with added capability for Visual Analytics with Tableau. |
| Supervisor Node with Collectors and Tableau Visual Analytics | x | | x | | x | x | This is also an enterprise deployment covering multiple sites with added capability for Visual Analytics with Tableau. Data collection is simplified by deploying a collector for the satellite sites. |
| Enterprise Cluster with Tableau Visual Analytics | x | x | | x | x | x | This is the scalable enterprise deployment with added capability for Visual Analytics with Tableau. An NFS Server is required in the data sharing architecture between Supervisor and Worker nodes. |
| Enterprise Cluster with Collectors and Tableau Visual Analytics | x | x | x | x | x | x | This deployment adds collectors to the mix and is the most comprehensive enterprise deployment, with added capability for Visual Analytics with Tableau. |

 

This entry was posted in Administration Guides, FortiSIEM.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
