FortiSIEM Reference Architecture Using ClickHouse

Cloud and Hybrid Cloud Deployments

Fortinet offers a flexible FortiSIEM deployment model that supports cloud and hybrid cloud environments, with virtual appliance images that can be deployed in popular cloud environments, including AWS and Azure. The high-performance, scalable architecture deployed on cloud-based virtual appliances provides a solution for organizations requiring a high-performance cloud-based SIEM.

Cloud-based FortiSIEM deployments have many of the same design considerations as onsite deployments:

  • Deploy Supervisor, Worker and Keeper nodes to meet the scalability and resilience requirements.

  • Deploy additional storage for event data on the nodes that will run the ClickHouse database.

  • Place the Supervisor, Worker, and Keeper nodes in the same cloud environment, with high-performance connectivity between all nodes.

  • Deploy Collector nodes to collect logs from devices and to perform performance monitoring.

Cloud-based deployments can be combined with onsite appliances to support hybrid cloud architectures, where an organization has both cloud-based and local log sources, or where an MSSP needs to host FortiSIEM in a cloud environment but provide onsite Collectors for the tenant organizations. Hybrid cloud can be deployed in two ways, depending on organizational requirements:

  • Cloud-based deployment with cloud and onsite Collectors

  • Onsite deployment with cloud and onsite Collectors

Organizations that have a cloud-first strategy and sufficient cloud compute capacity will likely favor a cloud Supervisor and Worker deployment, with a number of onsite hardware or virtual Collectors to meet onsite log collection and performance monitoring requirements.

Organizations that maintain an onsite hypervisor and have more limited cloud resources will likely favor an onsite deployment, with one or more cloud-hosted FortiSIEM virtual Collectors to meet cloud server and application monitoring requirements.