In my last blog post, I described the overall benefits of moving to a network security management solution such as Panorama. I also hinted at three additional steps you can take to ensure optimal performance of your management platform. In this blog post, I’ll go into more detail on these three steps.
Step 1. Move from Virtual Machine (VM) to a Hardware Platform
Deploying Panorama on a VM is a great option for those who want fewer appliances in their security deployments, but it can come with drawbacks. You have to ask a VM management team to add processing power when VM resources are oversubscribed. Deploying a hardware appliance (either an M-100 or M-500 appliance) in your network ensures available resources when you need them. Free yourself from dependence on third-party hardware vendors.
Step 2. Add Dedicated Log Collectors
Combining management and log collection into one piece of hardware may work in some instances, especially for small networks; but, as soon as your log retention increases, you are sacrificing valuable management resources for logging.
Adding dedicated log collectors (additional M-100 or M-500 appliances) to your Panorama deployment will increase log ingestion rates, lengthen log retention, and free up valuable resources. Adding log collectors strategically across your distributed deployment will also cut back on the need to backhaul all logs over WAN links and provide better access to configuration-wide data for analysis.
Step 3. Deploy Panorama in High Availability (HA)
It’s no secret, HA decreases the chance of downtime for hardware. Panorama can be deployed in HA, effectively increasing availability and eliminating single points of failure. Improve availability by deploying Panorama in HA.
Check back next week for the final post in this series where I’ll share the importance of planning for the future state of a company when deploying Panorama. In the meantime, watch the Panorama demo to learn more.