Sep 14 2022 06:28 AM
I would like to know if there is a recommended design for disaster recovery of Sentinel SIEM like placing another Log Analytic workspace in a paired region. then pointing the DR servers to report to this LAW.
If in case I need a live DR then do I have to replicate the log analytic workspace to the other paired region and what is the best method to do this replication?
Thanks
Sep 14 2022 07:23 AM
Remember that the underlying storage and platform is highly available, and more so in Azure Regions with Availability Zones. Microsoft did have a preview a while back (two years???) to look at allowing a customer to perform a failover from one region/workspace to another, but it was paused.
If you want VM's and a Active/Active capability you can multi-home to two workspaces at once, however that will double your costs (so maybe only protect critical VM's that way?).
Note, not all resources allow this capability, but VMs with AMA (Windows and Linux) do allow multi-homing, or just Windows with the MMA deployed)
Sep 19 2022 07:03 AM
Feb 25 2023 04:20 AM
Feb 27 2023 01:14 AM