1.3.2. ON Analytics

Based on the ELK Stack, ON Analytics receives the platform logs, structures, and metadata and builds the data lake used to show dashboards and reports in real time and to run specific searches. When the 2SRA (Remote Secure Access) module is deployed, it receives the metadata of the VPN traffic processed by OpenNAC Sensor via Filebeat.

It is a mandatory component of the solution that includes non-critical components such as:

  • Aggregator: Enriches all the information generated by any OpenNAC Enterprise component.

  • Search Engine: Based on an elastic search engine that allows you to easily search the information generated and collected by the OpenNAC Enterprise components.

  • Dashboards and reports: The solution includes a set of dashboards and reports based on common technical information gathered. You can create and generate your own custom dashboards.

Note

ON Analytics is NOT a critical component for the platform, which is why it does NOT require high availability. Whether to deploy one or more nodes depends on the requirements of the deployment and the final architecture design. If this component is offline, the main functionality of the OpenNAC Enterprise modules continues to work. However, during the outage, the solution's information can no longer be processed or displayed.

In deployments where a large amount of data is generated, it may be necessary to deploy multiple Analytics nodes to load balance the storage. ON Analytics has two types of roles, typically within the same node:

  • Aggregator: A role with aggregation functions that receives information through Filebeat and processes logs with Logstash.

  • Analytics: A role with data management functions performed by ElasticSearch and visualization through Kibana.

1.3.2.1. Sizing an ON Analytics Instance

The sizing of the Network Access solution infrastructure can be inferred directly from the expected workload that the NAC must sustain, in terms of users, IPs, types of authentication, and deployed use cases. The workload may be complicated to estimate, but this is a crucial exercise for building an efficient NAC architecture. In general, you can increase capacity by adding more nodes of some components. Growth in the number of users is handled by adding more nodes in an N + 1 scheme behind a load balancer.

When the network requires capturing 10 Gb, it will be necessary to implement hardware sensors with cards compatible with the PF_RING accelerated drivers.

The hardware specifications for ON Analytics are:

Resources    Minimum    10Gb
Memory       16 GB      32 GB
CPU          8 CPUs     16 CPUs
Disk Size    300 GB*    300 GB*
Disk Type    SSD        SSD
Network      2 NIC**    2 NIC**

Note

* It depends on the amount of information that needs to be stored.

** The 2 network interfaces are mainly for service and management (internal communication between the different nodes).