1014: Fully synced, tiered architecture with five HP ArcSight instances

Document created by tinacostilla on Sep 14, 2012Last modified by tliu on Jul 8, 2014
Version 2Show Document
  • View in full screen mode

1014

Fully synced, tiered architecture with five HP ArcSight instances

Speaker: Volker Michels, Vodafone Group Services

Attend this case study and see how one HP customer built a tiered HP ArcSight architecture—with one master ArcSight ESM and four tiered ESMs, including full HA  and dedicated databases—in which the content is fully synced between all ESMs and the architecture can handle approximately 35,000 EPSs. We’ll show you how we implemented HP ArcSight Logger for each ESM for long-term storage, with the tiered loggers searchable by the master logger. You’ll also see how, in addition to the production environment, we have a disaster-recovery site and a test environment that are fully synced. We will share how we currently cover approximately 6,000 EPSs at the manager level and nearly 20,000 at the connector level (before filtering and aggregation).

Attachments

Outcomes