Forum Discussion
Disaster Recovery Design for Microsoft Sentinel
I would like to know if there is a recommended design for disaster recovery of Sentinel SIEM like placing another Log Analytic workspace in a paired region. then pointing the DR servers to report to ...
Can you explain more about the preview that Microsoft had for allowing a customer to perform a failover from one region/workspace to another? Why was it paused?
How can I determine which resources allow for multi-homing with VMs, and which ones do not?
Can you elaborate on the costs associated with multi-homing to two workspaces at once, and provide some guidance on how to determine which VMs to protect in this way?
How can I determine which resources allow for multi-homing with VMs, and which ones do not?
Can you elaborate on the costs associated with multi-homing to two workspaces at once, and provide some guidance on how to determine which VMs to protect in this way?
Sorry that's a question you'd have to ask Microsoft - I suspect (and its a guess) that the Availability Zone feature meets the minimum required for most.
Costs to multi-home are roughly double anything you ingest. So if you ingest 1GB today, it will be 2GB across two workspaces. This is only a rough estimate as other licences and workspace Tiering could affect the overall cost.
You'll know your VMs the best - I'd start with the most critical ones. You'd also need to know exactly why the data needs to be available to justify the cost and complexity. e.g. whats the business need or risk you are mitigating if the data isn't near instantly available in a secondary workspace (this will help justify the costs).
Costs to multi-home are roughly double anything you ingest. So if you ingest 1GB today, it will be 2GB across two workspaces. This is only a rough estimate as other licences and workspace Tiering could affect the overall cost.
You'll know your VMs the best - I'd start with the most critical ones. You'd also need to know exactly why the data needs to be available to justify the cost and complexity. e.g. whats the business need or risk you are mitigating if the data isn't near instantly available in a secondary workspace (this will help justify the costs).