Log Insight: Disaster Recovery

I just concluded my series on Log Insight reference architectures and I wanted to explicitly call out how to properly handle Disaster Recovery (DR) in Log Insight. Read on to learn more!

li-logo

If you look at my last Log Insight reference architecture post you will see that I recommend the following architecture for DR:

li-architecture-nested-forwarders-dr

Now you might be wondering if you can do something like this instead:

li-dr2

The answer is yes, though it would not be the best practice. There are several reasons for this, but the most apparent is if the primary site is down new events cannot be ingested — this could be mitigated with a DNS change assuming your environment is configured properly.

Another possibility would be a DR architecture like this:

li-dr3

Again, this is possible but not recommended. Two primary reasons stand out in this case:

  • Without forwarders in front of the central LI instances it is hard to change/move the central LI instances
  • The design clearly has a loop and will be prone to user error

So the best practice is to have all clients log to a Log Insight forwarder and have the Log Insight forwarder forward to two different central Log Insight instances. This architecture prevents loops and provides for immediate failover capabilities in the case of DR.

© 2015, Steve Flanders. All rights reserved.

2 thoughts on “Log Insight: Disaster Recovery

  1. Peter Jakobs says:

    Steve, I set up a DR configuration, with Tenant aggregators, 2 forward clusters and 2 main LI clusters. Everything is working, but: administration is really difficult and/or time consuming. There is no ‘global view’ of the LI installation, no version control (LI and add-ons), no central agent configuration, some integrations should be configured on the forwarders, some on the central cluster.
    Any hints for this?
    thanks, Peter

Leave a Reply