cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
627
Views
5
Helpful
5
Replies

Simultaneous Primary & Secondary MARS design soultion

Shen.Chun
Level 1
Level 1

Hi,

How can we implement & design the primary & secondary MARS appliances simultaneously in our production environment?

I've read from the PDFs that an NAT device needed or the primary one should be shutdown while the secondary MARS restoring from the NAS storage.

The shutting down solution is not accepted from our patron, but the NAT solution ... how to implement & design?

Our primary MARS eth0 = 10.85.38.1/24

Our primary MARS eth1 = 10.85.40.1/24

Our NAS storage is at 10.85.40.100/24

where the NAT & Secondary MARS to implement?

The important is our patron wants to access both specific history & realtime data at the same time.

5 Replies 5

Farrukh Haroon
VIP Alumni
VIP Alumni

You can use different mount points on the NFS for the two MARS boxes, so that both can access the NFS at the same time (if needed).

Regards

Farrukh

Shen.Chun
Level 1
Level 1

ok ... tried it out (but not the different folder solution)

now our production environment has 2 different MARS appliances with its own "hostname, ip address" perspectively but one for realtime, one for history data analysis.

The most important => neither NAT nor offlining the primary MARS.

We can now simultaneously query the realtime & history data from the perspective primary & secondary MARS with the same NAS data.

Why the PDF said that there's a need of NAT device or shutting down the primary one? ... delivering the wrong information or just confusing the ppl ?

If my understanding is correct, your solution is different from the one suggested earlier. Your adopted solution drastically increases the SNMP/SYSLOG traffic on the network as each reporting device has to send data to both MARS.

Regards

Farrukh

Shen.Chun
Level 1
Level 1

Dear ...

Here are our production scenarios:

1.) 2 ASA5580-40 appliances in the Active/Standby failover mode.

2.) ASA5580-40 only permits the primary MARS appliance for SNMP query & Syslog delivering.

3.) 2 MARS55 appliances have their own IP address & hostname

4.) Primary & secondary MARS55's eth0 & NAS storage NIC1 are all at the same subnet-1.

5.) Primary & secondary MARS55's eth1 & NAS storage NIC2 are all at the same subnet-2.

6.) Primary MARS55 exports the archiving data to the NAS storage with :/MARS shared folder.

When time goes by, the queriable data from the primary MARS55 purged and there is a need to investigate & analyze the past purged data from the NAS storage.

At that time, we shouldn't shutdown the primary MARS55 for the restoring purpose.

That means the primary MARS55 should still process the real time log analysis for the production ASA5580-40.

Now we can use the same NAS shared folder (:/MARS) for the restoring data to the secondary MARS55.

After testing, we can query & analyze the real time data from the primary MARS55 and the past purged data (e.g., Syslog Raw Message data) from the secondary MARS when need it.

Of course, at that time, the SNMP traffic will increase a little but no drastic Syslog traffic occur (because we won't modify the ASA5580-40 syslog & SNMP configuration at all)

FYI ~

Oh ok, thanks for the detailed insight into your adopted design :)

Regards

Farrukh

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: