Due to the new national cybersecurity law and the NIS2 directive, we have a new requirement that log files must be stored for the long term. As a provider of VMware stack, we are required to retain log files for 2 years. vCenter, vSphere, NSX, Cloud Director etc…. you name it.
We calculated that we need about 50 TB of space. Since the maximum capacity of one Aria for Logs node is about 5 TB, we will have to form a cluster of 10 nodes.
Let’s get started!
Planning
Clusters
Clusters must meet the following requirements:
- Nodes in clusters must all be of the same size and in the same data center.
- The Integrated Load Balancer used with clusters requires that nodes be in the same L2 network.
- VMware Aria Operations for Logs virtual machines must be excluded from VMware NSX Distributed Firewall Protection.
Sizings
VMware Aria Operations for Logs single cluster configuration can include 3 to 18 nodes. When nodes are offline or unhealthy, the feature availability depends on the minimum number of nodes that are available for the cluster to run functionalities.
The following table lists the maximum number of nodes that can fail to maintain a healthy, active cluster:
| Number of nodes in a cluster | Number of nodes that can fail |
|---|---|
| 1 | 0 |
| 2 | 0 |
| 3 | 1 |
| 4 | 1 |
| 5 | 2 |
| 6 | 2 |
| 7-18 | 3 |
If the primary node is unhealthy or offline,
- You might experience certain UI limitations in accessing cluster details and statistics.
- You cannot add new nodes.
- You cannot remove existing nodes.
Aria Operations for Logs is cool stuff because of having built-in HA !!!
Deployment
You’re running a single node of Aria Operations for Logs and would like to expand it you need to deploy a new Aria Operations for Logs appliance and join it to an existing deployment.
The first steps are to download the appropriate .OVA image from the Broadcom portal and install it from vCenter. Nothing fancy, just a regular OVA installation with standard stuff like hostname, disk tier, IP addressing etc.
After these steps, we had 10 deployed nodes.
The next step is to form a cluster. Log in to the Aria for Logs web interface of the first and foremost virtual machine. Click through to the section Management -> Cluster.
Choose Generate Join Token. It will generate a security token to connect Aria for Logs appliances.
Let’s now access the UI for Setup.
After selecting Join Existing Deployment, enter the FQDN of the primary node (the first virtual machine), and put a security token valid for only 10 minutes in the second line.
Click GO, which will initialize your new Worker Node.
After a few minutes back on the Primary Node, you can see that the Worker Node has joined the Cluster. That’s it ! You need to repeat the same steps for the remaining nodes to add them to the cluster.
