New High Availability Release

Happy New Year Trisul fans. We have a new release out for you with some Enterprise features.

  1. HA : High availability – protects against a single probe or hub node failure by multihoming the nodes.
  2. DR : Disaster recovery – a complete standby replica of the primary site
  3. New PCAP tools

We will be sharing more technical information about these tools later this week. Here is an overview. Full release notes are available here

HA features

Many of our customers have been asking for High Availability. In the event of a single Hub or Probe failure they want the system to be accessible to their teams. We now support a N:1 HA mode in this new release,

  • Trisul Domain certificates have a primary and backup IP address,
  • Trisul Probes can flush to two Trisul Hubs in parallel.
  • N-hubs can be backed up by 1-HA hub

With reference to the figure on the left.

On the web server side (bottom), you can login to either the primary or the HA-hub node or better use a proxy such as Apache to load balance the two.

On the network side (top), you can have have a packet broker send to the primary or HA probe for packet analytics. In Netflow mode, you can use a UDP load balancer to provide a virtual IP that balances the probes behind them.

For DR

For DR, we use a custom incremental secure sync feed between the primary and backup sites to ensure that they always stay in sync. Takeover is automatic.

PCAP features

Many of our customers who have PCAP retention enabled feel that the cost-benefit ratio of storing old PCAPs are very high and they would like to see it come down. We introduce two new tools

  • trisul_flowcap : Run this tool over old Trisul PCAP dumps (RCF format) to only store X bytes from a flow. This tools has some novel features such as a dry-run mode and switching to a sampling mode after the first X bytes. Install trisul and then read man trisul_flowcap to explore it.
  • trisul_reencrypt : Remember trisul PCAP files are encrypted using AES-128. Use this tool to re-encrypt your PCAP stores with a different passphrase. This helped one of our customers who wanted to re-encrypt when some employees left the organization.

We’ve been slow here on the blog. We will being sharing frequent blogs, articles, and videos about Trisul this year 🙂

Get on board

All users should update to the latest version.

Dont just monitor, start NSM-ming !