6.6 Two-Tier and Three-Tier Distributed Deployment

These deployments enable you to surpass the load handling capabilities of a single central Sentinel server and share the processing load across multiple Sentinel instances by leveraging Sentinel Link and Sentinel Data Federation features. The data collection is load-balanced across several Sentinel servers, each having several Collector Managers, as shown in the Data Collection Tier. If you want to perform event correlation or security intelligence, you can optionally forward data up to the Analytics Tier using Sentinel Link. The Search Tier provides a convenient single access point for searching across all systems in all other tiers by using Sentinel Data Federation. As the search request is federated across several instances of Sentinel, this deployment also has search load-balancing properties useful in scaling to handle a heavy search load.

Figure 6-5 Two-Tier and Three-Tier Distributed Deployment