Implementation GuidePlanning Your EnvironmentFederation Planning › Create a Federation Map

Previous Topic: Federation Planning

Next Topic: Example: Federation Map for a Large Enterprise

Create a Federation Map

Creating a federation map is a useful step in planning and implementing your federation configuration. The larger your network is, the more helpful this map is during the actual configuration tasks. You can use any commercial graphics or drawing program, or you can sketch the map by hand. The more details you can supply in your map, the faster you can complete the configuration.

To create a federation map

  1. Start your map with the two basic CA Enterprise Log Manager servers, management and collection, and provide the details for each.
  2. Decide whether you need additional collection servers and whether they represent the top of a hierarchy or a unit in a mesh.
  3. Decide which type of federation best suits your needs, hierarchical or meshed.
  4. Identify opportunities for hierarchies, branches, or interconnections based on your business reporting, compliance, and event throughput needs.

    For example, if your company has offices on three continents, you may decide to create three hierarchical federations. You may further decide to mesh the hierarchies at a high level, so that senior executives and security management can produce reports that cover the entire network. You should at a minimum federate the basic environment's insert and query CA Enterprise Log Manager servers.

  5. Decide how many total CA Enterprise Log Manager servers you need to deploy.

    This value is based on the number of devices in your network and the event volume they generate.

  6. Decide how many layers of federated servers you need.

    This number is based in part on the decisions you take in steps 2 and 3.

  7. Identify the event types that each of the CA Enterprise Log Manager servers in the federation receives.

    If your network has a large number of syslog-based devices and only a few Windows servers, you may decide to allocate one CA Enterprise Log Manager server expressly for Windows event collection. You may need several servers to handle the syslog event traffic. Planning ahead which CA Enterprise Log Manager servers receive which kinds of events makes configuration of the local listeners and services easier.

  8. Sketch a map of this network to use during configuration of the federated (child) CA Enterprise Log Manager servers.

    Include DNS names and IP addresses on your map, if known. You will use the DNS names of the CA Enterprise Log Manager servers to configure the federation relationships between them.

More information:

Hierarchical Federation Example

Meshed Federation Example