Fortinet black logo

Administration Guide

Home FortiAnalyzer BigData 6.2.1 Administration Guide

Key terms and concepts

6.2.1
7.4.0
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.6
7.0.5
7.0.4
7.0.3
7.0.1
6.4.6
6.4.5
6.2.5
6.2.1
Copy Link
Copy Doc ID 68feed8c-a766-11ea-8b7d-00505692583a:193478
Download PDF

Key terms and concepts

This section contains key terms used in FortiAnalyzer-BigData.

Security Event Manager

The Security Event Manager is formed by Blade A2–A14 to perform the workload for data processing, persistence, query, and management of security log events.

Security Event Manager Controller

The Security Event Manager Controller is a single host within the Security Event Manager that functions as the main controller for the hosts. This host is usually Blade A2 of the chassis and is responsible for the DHCP, configuration management, and lifecyle management such as upgrades, resets, and more.

Security Event Manager Host(s)

This refers to Blade A2–A14, which are the hosts that form the Security Event Manager.

Blade

This refers to the physical blade server enclosed within the FortiAnalyzer-BigData chassis.

The Chassis Management Module

The Chassis Management Module (CMM) is used to remotely manage and monitor server hosts, power supplies, cooling fans, and networking switches. The CMM comes with a web management utility that consolidates and simplifies system management for the FortiAnalyzer-BigData chassis.

The web management utility aggregates and displays data from the CMM and provides the following key management features:

  • Enables administrators to view in-depth hardware-level status information using a single interface.
  • Provides an OS-independent, remote graphical console.
  • Allows remote users to power control all or each of the blades.
Controller

This refers to the Security Event Manager Controller.

Host

This refers to one of the server hosts in the FortiAnalyzer-BigData system.

Instances

Also known as Service instances. This refers to the instance serving the service. There are usually multiple instances running behind a service load balance.

Main host

The FortiAnalyzer-BigData main host runs on Blade A1 and is responsible for collecting logs and providing the GUI for FortiView, Log View, Reports, and more.

Roles

The Security Event Manager hosts are categorized into three different roles according to the kind of stateful services running on them. The roles are assigned automatically during the cluster initialization. The placement of those stateful services on each role is designed to achieve optimized performance, high data and service availability and scalability, and is immutable after the cluster is initialized. In a scaling-out scenario (see Scaling FortiAnalyzer-BigData), the hosts on the extender chassis can be added as data nodes to the existing cluster in the main chassis.

FortiAnalyzer-BigData has the following roles and services:

  • Master Node
    • Consul
    • HDFS Datanode
    • Kafka Broker
    • Kudu Master
    • Kudu Tablet Server
    • Yarn Node Manager
    • Zookeeper
  • MetaStore Node
    • HDFS Datanode
    • HDFS Namenode
    • Kafka Broker
    • Kudu Tablet Server
    • Yarn Node Manager
    • Yarn Resource Manager
  • Data Node
    • HDFS Datanode
    • Impala
    • Kafka Broker
    • Kudu Tablet Server
    • Yarn Node Manager
Services

This refers to the Security Event Manager services that are responsible for security data management, security data processing, storage, cluster management, and more.

Previous
Next

Key terms and concepts

This section contains key terms used in FortiAnalyzer-BigData.

Security Event Manager

The Security Event Manager is formed by Blade A2–A14 to perform the workload for data processing, persistence, query, and management of security log events.

Security Event Manager Controller

The Security Event Manager Controller is a single host within the Security Event Manager that functions as the main controller for the hosts. This host is usually Blade A2 of the chassis and is responsible for the DHCP, configuration management, and lifecyle management such as upgrades, resets, and more.

Security Event Manager Host(s)

This refers to Blade A2–A14, which are the hosts that form the Security Event Manager.

Blade

This refers to the physical blade server enclosed within the FortiAnalyzer-BigData chassis.

The Chassis Management Module

The Chassis Management Module (CMM) is used to remotely manage and monitor server hosts, power supplies, cooling fans, and networking switches. The CMM comes with a web management utility that consolidates and simplifies system management for the FortiAnalyzer-BigData chassis.

The web management utility aggregates and displays data from the CMM and provides the following key management features:

  • Enables administrators to view in-depth hardware-level status information using a single interface.
  • Provides an OS-independent, remote graphical console.
  • Allows remote users to power control all or each of the blades.
Controller

This refers to the Security Event Manager Controller.

Host

This refers to one of the server hosts in the FortiAnalyzer-BigData system.

Instances

Also known as Service instances. This refers to the instance serving the service. There are usually multiple instances running behind a service load balance.

Main host

The FortiAnalyzer-BigData main host runs on Blade A1 and is responsible for collecting logs and providing the GUI for FortiView, Log View, Reports, and more.

Roles

The Security Event Manager hosts are categorized into three different roles according to the kind of stateful services running on them. The roles are assigned automatically during the cluster initialization. The placement of those stateful services on each role is designed to achieve optimized performance, high data and service availability and scalability, and is immutable after the cluster is initialized. In a scaling-out scenario (see Scaling FortiAnalyzer-BigData), the hosts on the extender chassis can be added as data nodes to the existing cluster in the main chassis.

FortiAnalyzer-BigData has the following roles and services:

  • Master Node
    • Consul
    • HDFS Datanode
    • Kafka Broker
    • Kudu Master
    • Kudu Tablet Server
    • Yarn Node Manager
    • Zookeeper
  • MetaStore Node
    • HDFS Datanode
    • HDFS Namenode
    • Kafka Broker
    • Kudu Tablet Server
    • Yarn Node Manager
    • Yarn Resource Manager
  • Data Node
    • HDFS Datanode
    • Impala
    • Kafka Broker
    • Kudu Tablet Server
    • Yarn Node Manager
Services

This refers to the Security Event Manager services that are responsible for security data management, security data processing, storage, cluster management, and more.

Previous
Next