Understanding the Need for a Cluster



This article provides information about the Logsign cluster architecture.


Cluster Architecture

Cluster architecture refers to a group of servers that are configured to work together, or redundantly, for the same purpose. The most important criterion of a cluster architecture is that its systems are redundant.

Each cluster requires three or more servers, called "nodes", working together.

Cluster architecture provides availability, reliability, and scalability. Logsign cluster architecture has an "active/active" operating structure, and load balancing and backup are at the forefront in this structure.

In the cluster structure, server clustering is directly proportional to EPS (events per second), and the servers that the cluster will operate on are determined according to the EPS status.


Why do we need Cluster Architecture?

- Redundancy

- Load Balancing

- In the cluster structure, each node can take over the task of another node that has a problem, so hardware/software errors can be detected more quickly.

- Large data can be processed faster in Cluster Architecture due to Load Balancing.

- Despite having 3 or more servers in Cluster Architecture, it is centralized and easy to manage because it can be managed from a single server.

- Disk space and disk performance are stronger and more flexible in cluster architecture.

- Factors such as EPS, Resource Number, Offline Reports, and Index work more efficiently in the cluster structure, which creates the need for Cluster Architecture.

- The increasing number of log sources and the increasing flow of logs also require customers to switch to Cluster Architecture.

- Factors related to index, offline reports and the like work faster in the cluster structure.

- It is a structure required for organizations working with large data to maintain live data (live index) for a long time.


Redundant Operating Architecture

There are many redundant functions in the Logsign cluster structure, and one of them is the interface and syslog redundancy to ensure sustainability.


User Interface (UI) and Syslog Redundancy

Logsign uses floatip services, which are special services for user interface and syslog redundancy. "Floatip" means a floating IP. The virtual IPs used in the cluster configuration are added to physical servers, and if a problem occurs on a server, the virtual IP switches to another server without interrupting the user interface and syslog log collector services.



Cluster Service Redundancies

In the Logsign cluster structure, there are critical services that keep configurations current and manage the servers. Their redundancy is provided by the floatip and cluster services.


Data Redundancy

Logsign has configurations and services for redundant data storage in its cluster structure. It uses the Hadoop service for the redundancy of archive and signed data, to prevent data loss if there is a problem on one of the servers. Index redundancy is also configured to ensure the sustainability of analysis on live data (the Elasticsearch live index).


