Forwarding to support multi-tier operation


A main reason for forwarding messages is to support multi-tier management as a method of scaling or organizing data. Any site that is interested in multi-tier operation must necessarily consider the forwarding capabilities and strategy of the program.

One common multi-tier strategy is to send all syslog messages to a central collector, which keeps some of the data locally and sends other parts of the data to a higher-level collector. In the case of BMC Defender Server, the operator simply configures the correlation rules and alerting for a single BMC Defender Server site, and then forwards ticket information to a higher-level manager, which might or might not be another copy of BMC Defender Server. This permits massive scaling of information where multiple servers exist in an enterprise.

In this scenario, each copy of BMC Defender Server is responsible for a particular class of device, department, user set, or other logical partition of data. Correlated results are forwarded up to a top-level manager.

This strategy supports massive scaling of CPU and disk resources. Additionally, this type of distributed system keeps the data segregated (which might be an important security concern) and reduces network congestion and traffic by limiting the distance over which messages must travel.

Note

BMC Defender Server is especially well suited for this management strategy since it is quick to install, completely web-based, and can co-exist with other software systems (reducing the need to buy hardware or install appliances). This type of strategy can easily accommodate applications requiring many hundreds of thousands of events per second, and potentially millions of devices and users.
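
A minimal model of the lower tier described above, as an added example (it is not BMC Defender Server code or configuration): every raw syslog message stays in the local store, and only a correlated ticket is queued for the higher-level manager. The class name, the failed-login threshold rule, the ticket line format, and the sample messages are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

# RFC 3164-style line: <PRI>Mmm dd hh:mm:ss host message
SYSLOG_RE = re.compile(r"^<(\d{1,3})>\w{3} [ \d]\d \d\d:\d\d:\d\d (\S+) (.*)$")

class LowerTierCollector:
    """Hypothetical lower-tier collector: every raw message stays in this
    tier; only correlated tickets are queued for the higher-level manager."""

    def __init__(self, site, threshold=3, window=60):
        self.site, self.threshold, self.window = site, threshold, window
        self.local_store = []              # raw data, never leaves this tier
        self.upstream = []                 # ticket lines to forward upward
        self.recent = defaultdict(deque)   # host -> times of rule matches

    def receive(self, line, now):
        """Store one message; return a ticket line if the rule fires."""
        m = SYSLOG_RE.match(line)
        if not m:                          # keep unparseable input, unforwarded
            self.local_store.append({"parsed": False, "raw": line})
            return None
        pri, host, msg = int(m.group(1)), m.group(2), m.group(3)
        self.local_store.append({"parsed": True, "facility": pri >> 3,
                                 "severity": pri & 7, "host": host, "msg": msg})
        if "Failed password" not in msg:   # assumed correlation rule
            return None
        hits = self.recent[host]
        hits.append(now)
        while now - hits[0] > self.window: # drop matches outside the window
            hits.popleft()
        if len(hits) < self.threshold:
            return None
        hits.clear()                       # one ticket per burst
        ticket = (f"<{(4 << 3) | 2}>ticket site={self.site} host={host} "
                  f"rule=failed-logins count={self.threshold}")
        self.upstream.append(ticket)
        return ticket

def demo():
    # Constructed sample input: (seconds, syslog line)
    fail = "<38>Jan  5 10:00:0{} web01 sshd[811]: Failed password for root from 192.0.2.10"
    feed = [(1, fail.format(1)), (2, fail.format(2)),
            (3, "<30>Jan  5 10:00:03 web01 cron[90]: job started"),
            (4, "not a syslog line"), (5, fail.format(5))]
    c = LowerTierCollector("site-a")
    for now, line in feed:
        c.receive(line, now)
    return len(c.local_store), c.upstream
```

In the constructed feed, five messages are retained locally and a single ticket line is produced for the upper tier, which is the traffic reduction and data segregation the strategy relies on.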
