I just concluded my series on Log Insight reference architectures and I wanted to explicitly call out how to properly handle Disaster Recovery (DR) in Log Insight. Read on to learn more!
If you look at my last Log Insight reference architecture post you will see that I recommend the following architecture for DR:
Now you might be wondering if you can do something like this instead:
The answer is yes, though it would not be the best practice. There are several reasons for this, but the most apparent is if the primary site is down new events cannot be ingested — this could be mitigated with a DNS change assuming your environment is configured properly.
Another possibility would be a DR architecture like this:
Again, this is possible but not recommended. Two primary reasons stand out in this case:
- Without forwarders in front of the central LI instances it is hard to change/move the central LI instances
- The design clearly has a loop and will be prone to user error
So the best practice is to have all clients log to a Log Insight forwarder and have the Log Insight forwarder forward to two different central Log Insight instances. This architecture prevents loops and provides for immediate failover capabilities in the case of DR.
© 2015, Steve Flanders. All rights reserved.