
HA in SSIM (?)

Created: 22 Jun 2007 • Updated: 22 May 2010 | 4 comments
ufo109's picture

We often receive questions from our customers about HA functionality in the SSIM solution.
Does Symantec think about it, or does it have no future? I understand that the SSIM appliance has RAID1 for system and RAID5 for database. But what about HA for hardware? Any hardware breakdown causes business loss, especially when a customer wants to correlate and store his events in near real-time.
Maybe someone has tried to implement it...

4 Comments

Fergal's picture

There are a number of high availability architectures and features possible with SSIM today. Note, for example, that the agents can fail over to multiple backup SSIM systems. We are currently working on a Technical Brief that describes these architectures. Also, we have some new features coming in 4.6 (incident forwarding, event forwarding failover) that will add to the HA architectures that can be created.


lukaszfr's picture

So I can see that SSIM 4.6 will have interesting new features.
Could you tell more about the feature called Incident Forwarding? Is it about a multi-appliance architecture, meaning that a smaller forwarding appliance will handle correlation issues and then forward newly created incidents to the main correlation appliance? Or maybe it is about auto-forwarding through the relay to the helpdesk system?


ufo109's picture

I have one additional question...
In SSIM 4.5.1, in the SSIM Console, I noticed that under Manager Configuration --> Web Server there is a parameter "Clustered server virtual address". Is this parameter active and fully functional in SSIM 4.5 or not? If yes, how can we use this parameter in practice in an SSIM cluster deployment? Or maybe it is only an inactive parameter in this version of SSIM...


Message Edited by ufo109 on 07-04-2007 06:03 AM

Fergal's picture

Incident forwarding is literally that. It forwards the actual incident to any other SSIM system. It will be mostly used for supporting a centralised "super" incident manager for use by a Managed Service provider. However, it has other uses in the HA realm and others.