Cisco Secure Network Analytics

Data Store Virtual Edition Deployment Overview 7.4.0

Table of Contents
Getting Started with the Cisco Secure Network Analytics Data Store 3
Introduction 3
Reference Documentation 4
Secure Network Analytics Data Store Virtual Appliance Prerequisites 6
Data Store Virtual Appliance Performance and Sizing 6
Manager VE 6
Flow Collector VE 7
Data Node VE 7
Secure Network Analytics Data Store Networking and Switching Considerations 9
Data Store Installation Next Steps 10
Contacting Support 11

© 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. -2-
 Getting Started with the Cisco Secure Network Analytics Data Store

Getting Started with the Cisco Secure Network

Analytics Data Store
Introduction
The Cisco Secure Network Analytics (formerly Stealthwatch) Data Store provides a
central repository to store your network's telemetry, collected by your Secure Network
Analytics Flow Collectors. The Data Store is comprised of a cluster of Data Nodes, each
containing a portion of your data, and a backup of a separate Data Node's data. Because
all of your data is in one centralized database, as opposed to spread across multiple Flow
Collectors, your Manager (formerly Stealthwatch Management Console) can retrieve
query results from the Data Store more quickly than if it queried all of your Flow Collectors
separately. The Data Store cluster provides improved fault tolerance, improved query
response, and quicker graph and chart population.
In a Secure Network Analytics deployment with a Data Store, the Data Store cluster sits
between your Manager and Flow Collectors. One or more Flow Collectors ingests and
deduplicates flows, performs analysis, and reports data and results directly to the Data
Store, distributing it roughly equally to all of the Data Nodes. The Data Store facilitates
data storage, keeps all of your traffic in that centralized location as opposed to spread
across multiple Flow Collectors, and offers greater storage capacity than multiple Flow
Collectors. See the following diagram for an example.

© 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. -3-
 Getting Started with the Cisco Secure Network Analytics Data Store

Reference Documentation
The following table describes relevant reference documentation for Data Store
deployment, and use:

Document Description

Secure
Review the Secure Network Analytics Release Notes to understand
Network
the latest information about the current Data Store release, including
Analytics
last-minute information.
Release Notes

Secure Review the Secure Network Analytics Hardware and Software Version
Network Support Matrix to understand the Manager and Flow Collector
Analytics appliance models that you can use with a Data Store.

© 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. -4-
 Getting Started with the Cisco Secure Network Analytics Data Store

Hardware and
Software
Version
Support Matrix

Secure
Network
Analytics Review the Secure Network Analytics Appliance Specification Sheets
Appliance to understand the physical layout and capabilities of these appliances.
Specification
Sheets

Secure
Network
Review the Secure Network Analytics Smart Licensing Guide to
Analytics
understand how to license your Secure Network Analytics deployment
Smart
and appliances.
Licensing
Guide

Secure
Network
Review the Secure Network Analytics Data Store Virtual Edition
Analytics Data
Deployment and Configuration Guide to understand how to install the
Store Virtual
Cisco Secure Network Analytics Data Store as part of a Secure
Edition
Network Analytics system deployment. It describes the Secure
Deployment
Network Analytics system components and how they are placed in the
and
system, especially in relation to the Data Store.
Configuration
Guide

Secure
Network
Review the Secure Network Analytics Virtual Edition (with Data Store)
Analytics
Appliance Installation Guide to understand how to deploy and
Virtual Edition
configure your Secure Network Analytics virtual appliances, including
(with Data
the Manager and Flow Collectors. It describes the Secure Network
Store)
Analytics System components and how they are placed in the system,
Appliance
especially in relation to the Data Store.
Installation
Guide

© 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. -5-
 Getting Started with the Cisco Secure Network Analytics Data Store

Review the Secure Network Analytics System Configuration Guide to

Secure
understand how to configure your Secure Network Analytics
Network
appliances after you deploy them and perform initial setup.
Analytics
System This guide applies to all Secure Network Analytics
Configuration appliances, regardless of whether you deployed a Data Store
Guide with your Secure Network Analytics deployment.

Secure Network Analytics Data Store Virtual Appliance

Prerequisites
The following table provides an overview for the virtual appliances required to deploy
Secure Network Analytics with a Data Store VE.

Virtual Appliance Component Supported Capacity

Data Store l 3 Data Nodes VE only

Manager l Minimum of 1 Manager VE

Flow Collector l Minimum of 1 Flow Collector VE

The Data Store supports Flow Sensors and UDP Directors in v7.3.1, v7.3.2, or later. You
are not required to deploy either with a Data Store. If you add an appliance to your cluster,
make sure your appliances all have the same version installed.
Note that you must obtain a Flow Rate (FPS) Smart License for your overall Secure
Network Analytics deployment.

Data Store Virtual Appliance Performance and Sizing

You cannot deploy a blended environment, with some Flow Collectors
configured for use with the Data Store, and other Flow Collectors configured for
use without a Data Store.

Manager VE
To determine the minimum resource allocations for the Manager VE, you should
determine the expected number of concurrent users.

© 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. -6-
 Getting Started with the Cisco Secure Network Analytics Data Store

Refer to the following specifications to determine your resource allocations. For

information on Analytics, refer to the Cisco Secure Network Analytics Analytics Beta
Guide.

Required Required
Concurrent Minimum
Reserved Reserved
Users Storage Space
Memory CPUs

Up to 9 32 GB 4 125 GB

10 or more 64 GB 8 200 GB

Flow Collector VE
To determine your resource requirements for the Flow Collector VE you should determine
the flows per second expected on the network and the number of exporters and hosts it is
expected to monitor. Because Data Stores will store flows instead of the Flow Collectors,
the resource requirements are different depending on whether you deploy a Data Store.
Refer to the following specifications to determine your resource requirements:

Required
Flows Required Required
Minimum
per Interfaces Exporters Reserved Reserved
Data
second Memory CPUs
Storage

Up to
Up to 65535 Up to 2048 32 GB 6 200 GB
50,000

Up to
Up to 65535 Up to 4096 70 GB 8 200 GB
120,000

Data Node VE
To determine your resource requirements for the Data Node VE, you should determine the
flows per second (FPS) expected on the network. This also affects the resource
requirements for your Flow Collectors VE. Refer to Flow Collector VE for more
information on resource requirements.
You can deploy up to 3 Data Nodes VE to your network. You cannot deploy additional
Data Nodes VE.
If you deploy a Data Store VE with 3 or more Data Nodes VE, we recommend that for each
Data Node, calculate the storage allocation as follows:

© 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. -7-
 Getting Started with the Cisco Secure Network Analytics Data Store

[[(daily average FPS/1,000) x 1.6 x days] / number of Data Nodes

l Determine your daily average (FPS)
l Divide this number by 1,000 FPS
l Multiply this number by 1.6 GB of storage for one day's worth of storage
l Multiply this number by the number of days you want to store the flows for total
Data Store storage
l Divide this number by the number of Data Nodes in your Data Store for storage
per Data Node

For example, if your system:

l has 50,000 daily average (FPS)

l will store flows for 90 days, and
l you have 3 Data Nodes

calculate per Data Node as follows:

[(50,000/1,000) x 1.6 x 90] / 3 = 2400 GB (2.4 TB) per Data Node
l daily average FPS = 50,000
l 50,000 daily average FPS / 1,000= 50
l 50 x 1.6 GB = 80 GB for one day's worth of storage
l 80 GB x 90 days per Data Store = 7200 GB per Data Store
l 7200 GB / 3 Data Nodes = 2400 GB (2.4 TB) per Data Node

Refer to the following specifications to determine your resource requirements:

Required
Flows per Required Required Minimum Data
Reserved
second Reserved CPUs Storage for 30 days
Memory

l 800 GB per Data Node

32 GB per Data 6 per Data Node
Up to 50,000 l 2.4 TB total across 3 Data
Node VE VE
Nodes

l 1.92 TB per Data Node

Up to 32 GB per Data 12 per Data Node
l 5.76 TB total across 3 Data
120,000 Node VE VE
Nodes

Up to 64 GB per Data 16 per Data Node l 3.52 TB per Data Node

© 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. -8-
 Getting Started with the Cisco Secure Network Analytics Data Store

Required
Flows per Required Required Minimum Data
Reserved
second Reserved CPUs Storage for 30 days
Memory

l 10.56 TB total across 3

220,000 Node VE VE
Data Nodes

Secure Network Analytics Data Store Networking and

Switching Considerations
The following table describes networking and switching prerequisites and considerations
for your Data Store deployment:

Network
Description
Consideration

For each Data Node, Manager, and Flow Collector:

l Configured during initial System Configuration: root,

Necessary sysadmin
Credentials l Configured using Appliance Setup Tool: admin

Configured during Data Store initialization: dbadmin,

readonlyuser

l Configure an isolated LAN with a virtual switch so that the

Data Nodes can communicate with each other.
Inter-Data Node l We recommend that you deploy all of your Data Nodes VE on
Communications the same ESXi host. If you plan on deploying your Data Nodes
on separate ESXi hosts, contact Cisco Professional Services
for assistance in configuring the isolated LAN.

l SSH and SSH root access required for Manager, Data Nodes,
Secure Network and Flow Collectors, and configured from the Manager
Analytics l Manager and Flow Collectors must be able to reach all Data
Appliance Nodes
Communications l Data Nodes must be able to reach Manager, all Flow
Collectors, and each Data Node

© 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. -9-
 Data Store Installation Next Steps

Data Store Installation Next Steps

After you review this guide:

l Review the Cisco Secure Network Analytics Release Notes for more information on
the current Secure Network Analytics Enterprise version.
l Review the Data Store Virtual Edition Deployment and Configuration Guide for more
information on deploying the Data Store.

© 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 10 -
 Contacting Support

Contacting Support
If you need technical support, please do one of the following:

l Contact your local Cisco Partner

l Contact Cisco Support
l To open a case by web: http://www.cisco.com/c/en/us/support/index.html
l To open a case by email: tac@cisco.com
l For phone support: 1-800-553-2447 (U.S.)
l For worldwide support numbers:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

© 2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved. - 11 -
Copyright Information
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its
affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: https://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the
property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (1721R)

© 2021 Cisco Systems, Inc. and/or its affiliates.

All rights reserved.