If the primary appliance goes offline, endpoint agents are unable to check in, and secondary appliances can not route their traffic back to the primary appliance for analysis. All endpoints and secondary appliances are configured to report to the primary appliance because this design provides an additional layer of security and eliminates the need to maintain constant connections and pings to every secondary appliance and endpoint. Reducing this complexity and network traffic helps minimize the risk of stability or performance issues within your environment.
Each client deployment also includes a relay, which allows endpoint agents and secondary appliances to connect to the appliance - even when they are on different networks. This relay is also how Field Effect connects to client networks and communicates with primary appliances.
While an offline primary appliance is considered critical, all endpoint agents and secondary appliances will continue to store and forward data through the relay until the primary appliance becomes available again. Once the primary appliance is back online, the backlog of data will be ingested and analyzed.
To reduce the likelihood of these scenarios, we have developed a new deployment model that uses a virtual primary appliance paired with remote sensors that monitor the client site(s) and securely send traffic for analysis.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article