Architecting a vRealize Log Insight Solution : Sample Syslog Design Scenarios : 10.3 Design Scenario C
   
10.3 Design Scenario C
This is a highly secure design in which the NOC is located in London alongside one of the data centers. The two other data centers, primary and secondary, are located at remote, geographically dispersed sites. In this design, syslog data must be secured end-to-end between source and destination: sensitive syslog messages are protected on the local network and across the MPLS network using SSL, and across the public Internet using a VPN tunnel connection.
The three data centers send log messages to a three-node vRealize Log Insight cluster that is employed as part of a full VMware service provider management infrastructure including vRealize Operations Manager components.
The VMware Cloud Provider has more than 1500 devices sending logs and requires a two-node vRealize Log Insight cluster to meet the ingestion requirements of the infrastructure. To tolerate the failure of one host without interrupting log message ingestion, a three-node vRealize Log Insight cluster is configured.
Each data center houses a single syslog aggregator to forward logs to the central NOC in London.
External load balancing is provided by an NSX Edge HA pair so that syslog messages are distributed evenly across the vRealize Log Insight nodes.
 
Figure 14. Design Scenario C
 
The following information provides some specific comments about this scenario and accompanying solution design.
Design Quality: Redundant vRealize Log Insight appliances
Architect Notes: Provides an HA solution while meeting the source ingest requirement.

Design Quality: Secure design
Architect Notes: Meets the provider's requirement that all syslog data is secured while in transit across private and public networks.

Design Quality: Syslog aggregator or forwarder
Architect Notes: The use of a syslog aggregator in this design limits source traffic across the public network to a single address and provides a local target for client syslog configuration.

Design Quality: Syslog transport protocol: SSL
Architect Notes: SSL is employed to secure sensitive log data on internal networks and across an MPLS link. The connection to the secondary data center is through a VPN tunnel created, in this case, between two Cisco ASA 5500 firewall devices.

Design Quality: HA load balancer
Architect Notes: An HA pair of NSX Edge devices is configured to load balance traffic evenly across the Log Insight nodes. The load balancing algorithm is configured as least connections ("LEAST_CONN") on TCP 1514.
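The aggregator and SSL transport roles described above, as an added example that is not part of this document or of VMware's own configuration: an rsyslog configuration for a per-data-center syslog aggregator that accepts log messages from local clients only over TLS on TCP 1514, forwards them over TLS on TCP 1514 to the NSX Edge virtual IP in front of the Log Insight cluster with peer-name verification, and holds messages in a disk-assisted queue while the MPLS or VPN path is down. The choice of rsyslog, the host names under example.net and the certificate paths are assumptions.

```conf
# Assumed rsyslog (RainerScript) configuration for a data-center syslog aggregator.
# rsyslog itself, the example.net names and the certificate paths are assumptions,
# not values taken from the design document.

# TLS material used by both the local listener and the forwarder. The CA file must be
# the CA that issued the certificate presented on the NSX Edge VIP, otherwise
# peer verification of the Log Insight target fails and nothing is forwarded.
global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
  DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/aggregator-cert.pem"
  DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/aggregator-key.pem"
)

# Local listener on TCP 1514: TLS only (Mode 1). Clients must present a certificate
# from the same CA whose subject name matches the permitted pattern, so plaintext
# senders and unknown devices are refused rather than silently accepted.
module(load="imtcp"
  StreamDriver.Name="gtls"
  StreamDriver.Mode="1"
  StreamDriver.AuthMode="x509/name"
  PermittedPeer=["*.dc2.example.net"]
)
input(type="imtcp" port="1514")

# Forward everything to the NSX Edge VIP, which balances (LEAST_CONN) across the
# Log Insight nodes. The VIP's certificate name is verified, so a host on the MPLS
# or VPN path cannot impersonate the collector. The disk-assisted queue buffers
# messages locally while the WAN is unreachable and retries indefinitely.
action(type="omfwd"
  target="loginsight-vip.example.net"
  port="1514"
  protocol="tcp"
  template="RSYSLOG_SyslogProtocol23Format"
  StreamDriver="gtls"
  StreamDriverMode="1"
  StreamDriverAuthMode="x509/name"
  StreamDriverPermittedPeers="loginsight-vip.example.net"
  queue.type="LinkedList"
  queue.filename="fwd_loginsight"
  queue.maxDiskSpace="2g"
  queue.saveOnShutdown="on"
  action.resumeRetryCount="-1"
  action.resumeInterval="30"
)
```

Validate with `rsyslogd -N1 -f <file>` before deploying, and confirm on the aggregator that a plaintext connection to TCP 1514 is rejected while a TLS connection with a CA-issued client certificate is accepted.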