Administration

System requirements

Software requirements

The BitSwan product requires an environment with:

  • Linux (Ubuntu, CentOS, Red Hat)
  • Python 3.5+

When BitSwan runs in Docker containers, this environment is provided by the containers themselves. In that case, the external environment (host server) must be equipped with the following applications:

  • Docker
  • Docker Compose

Note: the BitSwan product can therefore be run on any operating system that supports trouble-free operation of Docker.

Linux

For maximum efficiency, mainly in production environments, the BitSwan product requires a Linux operating system, preferably the Ubuntu or CentOS distribution.

Required versions overview:

  • Ubuntu Linux 16+ LTS releases
  • CentOS Linux 7+
  • Red Hat Linux 5+

Note: the Docker containers use the Alpine 3.8 distribution, for simplicity and a smaller container size.

Hardware requirements

Hardware requirements derive from the amount of data processed and individual data streams connected.

The throughput of one CPU core ranges from 1000 to 20000 events per second (EPS), depending on the complexity of the input data. Each CPU core must be accompanied by 2 GB of RAM.
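A preflight check for the software requirements, the listed Linux versions and the 2 GB-per-core rule above, as an added example that is not part of the BitSwan documentation or product. The function names, the `--run` switch and the rounding of `MemTotal` to the nearest GiB are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight check of a Linux host against the requirements on this page.

# os_supported FILE: true if the os-release FILE names Ubuntu 16+ LTS, CentOS 7+ or Red Hat 5+.
os_supported() {
    id=$(sed -n 's/^ID=//p' "$1" | tr -d '"')
    ver=$(sed -n 's/^VERSION_ID=//p' "$1" | tr -d '"')
    major=${ver%%.*}
    case "$id" in
        ubuntu) min=16; grep -q '^VERSION=.*LTS' "$1" || return 1 ;;
        centos) min=7 ;;
        rhel)   min=5 ;;
        *)      return 1 ;;
    esac
    [ -n "$major" ] && [ "$major" -ge "$min" ] 2>/dev/null
}

# docker_ready: true if Docker and Docker Compose (plugin or standalone binary) are installed.
docker_ready() {
    command -v docker >/dev/null 2>&1 || return 1
    docker compose version >/dev/null 2>&1 || command -v docker-compose >/dev/null 2>&1
}

# ram_ok CORES MEM_KB: true if RAM covers 2 GB per CPU core.
# Assumption: MemTotal is rounded to the nearest GiB, since the kernel reserves part of it.
ram_ok() {
    gib=$(( ($2 + 524288) / 1048576 ))
    [ "$gib" -ge $(( $1 * 2 )) ]
}

# preflight: check the current host; returns non-zero if Docker or the RAM ratio check fails.
preflight() {
    rc=0
    # Per the page, a containerized deployment only needs Docker, so the OS check is a warning.
    os_supported /etc/os-release || echo "WARN: OS is not one of the listed Linux versions"
    docker_ready || { echo "FAIL: Docker and Docker Compose are required on the host"; rc=1; }
    cores=$(getconf _NPROCESSORS_ONLN)
    mem_kb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)
    ram_ok "$cores" "$mem_kb" || { echo "FAIL: less than 2 GB RAM per CPU core"; rc=1; }
    return "$rc"
}

# Run the checks only when invoked with --run (a switch made up for this example).
if [ "${1:-}" = "--run" ]; then preflight; fi
```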

In the basic version, one BitSwan product instance requires an environment with at least one CPU core for data pumps, as well as servers for the correct and fast functioning of the ElasticSearch database, again depending on the expected amount of data being stored, processed and analyzed.

Standardized hardware junction configuration:

Component   Specification
CPU         64-bit Intel or AMD CPU, 4 or more CPU cores
RAM         64 GB DDR4 RAM or more
NIC         Gigabit Ethernet port

Data storage

BitSwan stores data in an ElasticSearch database, which can be dimensioned to store tens to hundreds of TB of data. BitSwan allows the data storage space to be expanded without any limit, e.g. by means of local disks, external disk arrays or cloud data storage. A typical size of one data junction is 40 TB of active data, with at least three data junctions of that type recommended. Such a configuration also provides replication of the stored data and, consequently, resistance of the system to the failure of one or more data junctions.

The data storage can be configured to compress stored data in order to save disk capacity. The data storage also checks the integrity of the stored data. This provides a mechanism for detecting unauthorized data changes.

It is recommended to run the system on data storage that uses RAID1 (mirroring) or its equivalent (e.g. ZFS or LVM). If the system is run in a cluster (3 junctions or more), it is possible to switch to RAID0 (striping) for junctions with ElasticSearch, because data are replicated within the cluster and high availability is provided at the level of the whole cluster. This enables more efficient utilization of disk capacity.

For systems with extreme EPS requirements for storing or loading data, it is recommended to build the disk storage on locally connected SSD disks. In other cases the system can be run advantageously on rotating disks. Storage connected via a network (SAN, NAS) is recommended for an event archive. For actively used data this type of storage is not recommended.

Network requirements

The system supports IPv4 and IPv6 protocols in all its components.

Network interface throughput must match the requirements for the volume and processing of events.