Skip to content

On prem

AIO

The AIO instance (All-In-One) is the first choice for most projects for it's straight forward installation and configuration process. In this configuration, all the components and services of CYBERQUEST are residing on a single machine.

We recommend the AIO deployment for it's stability, ease of configuration and operation.

This version is most suitable for deployment in small to medium IT infrastructures.

Distributed edition

By distributed edition (distributed architecture) we understand that CYBERQUEST can be deployed on multimple machines, in the same network or in different networks.

In the distributed architecture, CYBERQUEST can be deployed as AIO on multiple machines (for HA purposes etc.), or CYBERQUEST's component services are deployed on separate machines.

The main purpose for configuring CYBERQUEST in a distributed architecture is increase in performance by distributing load on multiple machines. Though it is very tempting for the consistent increase in performance, it is subject to increased service demands (due to the complexity of the instance) and third party software or hardware failures have a greater impact.

We recommend distributed architecture only for large projects, and we specifically design the solution for each such project.

Scaling Elasticsearch

This is done by deploying the Elasticsearch service on a separate machine. By usage of separate processing power for maintaining the NoSQL data repository, high ingestion (in EPS) and correlation values may be reached per CPU for the CYBERQUEST processing server.

For large amounts of data (above 5TB) an Elasticsearch cluster can be deployed. See chapter 03. Set-up for info on Elasticsearch clustering.

Scaling Data Server

In some instances, where data must be collected from separate (and, in many cases, also remote) networks, the Data Server service (responsible with receiving the streams of data) can be deployed on separate machines. Also, the scaling of Data Server can be done for overall performance increase.

Scaling Rabbit MQ

By deploying the queueing service (powered by RabbitMQ) on separate machines the overall performance of the CYBERQUEST instance can be increased.

Scaling Data Storage (Archive)

In projects where data must be retained for extra long periods of time and with requirements of immediate access, the Data Storage service can be deployed on separate machines. This enables CYBERQUEST to maintain huge archive repositories. It also provides some increase in the overall performance of the CYBERQUEST instance.

Scaling Correlation Engine

Scaling the Correlation Engine, besides the Elasticseaech service, is the most performance increase scaling that can be implemented for a CYBERQUEST instance.

Examples

High availability deployment (variant)

Alt Image

Distributed architecture with Elasticsearch included

Alt Image

Distributed architecture with Elasticsearch distributed and multiple site collection

Alt Image