Distributed environments

Multiple Scrutinizer appliances/servers can be configured as a distributed environment with a central, primary reporter and one or more remote collectors.

Distributed environments are capable of ingesting significantly higher flow volumes from a greater number of exporters. All admin, management, and reporting functions are handled from the primary reporter.

Distributed cluster setup

Distributed clusters can include any combination of hardware and/or virtual appliances, regardless of physical location.

To set up a distributed cluster, follow these steps:

1. Deploy the required number of Scrutinizer hardware or virtual appliances following the appropriate deployment guides and complete the initial appliance setup process.

2. Start an SSH session as the plixer user with the appliance that will be used as the primary reporter for the cluster.

3. Launch the scrut_util interactive CLI by running:

   /home/plixer/scrutinizer/bin/scrut_util
   

4. At the SCRUTINIZER> prompt, register each additional appliance as a remote collector:

   SCRUTINIZER> set registercollector APPLIANCE_IP
   

5. After registering all remote collectors, use the exit command to exit the scrut_util interactive CLI.

Once the Scrutinizer distributed cluster has been set up, exporters can be configured to send flows to any of the remote collectors. The web interface for the cluster can be accessed using the IP address or hostname of the primary reporter.

Note

• When registering remote collectors, it is highly recommended that one appliance/collector should also be assigned the secondary reporter role.

  set registercollector APPLIANCE_IP secondary
  

  This appliance can later be promoted to function as the primary reporter (using the set selfreporter scrut_util command) if the cluster’s original primary reporter becomes unavailable.

• To avoid potential bottlenecks in distributed configurations that include hardware appliances, 10 Gb networking is strongly recommended. If the appliances are geographically dispersed, the WAN link should also support 10G.

Ports used

If appliances in a distributed cluster are unable to communicate with each other, it may be necessary to whitelist the connections between the remote collectors and the primary reporter.

The following network ports are used in communications between appliances in a distributed environment:

Collector(s) -> Reporter (UDP)	Collector(s) <-> Reporter (TCP)
514	22 80 (or 443) 6432 and 5432

Note

To learn more about licensing options for distributed environments or for additional assistance, contact Plixer Technical Support.

Certificate management

Run these scripts to generate certificate signing requests (CSRs) and install the signed certificates to remote nodes in a distributed cluster.

High availability

Scrutinizer distributed clusters support high availability (HA) configurations that include secondary reporters and/or backup collectors for redundancy.

Note

Contact Plixer Technical Support to learn more about HA licensing options.

Secondary reporters

In distributed deployments, a remote collector can be registered as a secondary reporter, which can be used to access the system if the primary reporter becomes unavailable.

To register a remote collector as a secondary reporter, enter the following scrut_util command from the primary reporter.

SCRUTINIZER> set registercollector COLLECTOR_IP secondary

After a collector has been registered as a secondary reporter, its IP address can be used to access a read-only version of the Scrutinizer web interface at any time. An updated backup of the primary reporter’s configuration metadata will also be maintained on that collector.

If the primary reporter has become permanently unavailable, the secondary reporter should be promoted using the set selfreporter scrut_util command, as outlined in the distributed environment setup guide. This will lift the read-only status and restore full web interface functionality.

Note

• A new license key is not required when promoting a secondary reporter to primary status. The promoted reporter will operate normally with the old license until it expires. However, it cannot register new appliances as collectors and secondary reporters.

• If the original primary Scrutinizer reporter in a high-availability configuration becomes permanently unavailable, follow these steps to point the FlowPro probe to the new primary reporter.

Backup collectors

Distributed clusters can be configured to use backup collectors to enable high availability for flow collection functions.

To use a remote collector Y as a backup for remote collector A, do the following:

1. Configure all exporters sending flows to A to also send flows to Y.

2. In the web interface, navigate to Admin > Resources > Exporters, and then verify that the selected exporters are correctly sending flows to both collectors.

3. From the Exporters view, set the status of the duplicated exporters sending flows to Y to Backup.

If remote collector A becomes unavailable, the exporters that were previously set to Backup on remote collector Y must be set to Enabled to allow for continuous flow collection and reporting. Once A is online again, the status of the exporters should be reverted to Backup.

And if remote collector A is removed from the cluster configuration, it cannot be added back.

Hint

When managing a large number of exporters, filter the list to view only relevant exporters and use the checkboxes to set them to Backup or Enabled as a bulk action.

HA with Replicator

Replicator can simplify the process of setting up backup collectors by replicating flow data and forwarding it to multiple destination collectors.

View the Replicator online documentation or contact Plixer Technical Support to learn more.