TC OVERSIGHT CONTROLS

GENERAL INSTALL REQUIREMENTS

INSTALLATION REQUIREMENTS

Technically Creative Oversight Controls (TCOC) can be installed in any environment that meets the following requirements. Due to the capabilities and flexibility of TCOC, this information is provided as a reference for a basic install. Your implementation and environment will determine exactly what resources are required.

SYSTEM REQUIREMENTS

*While Linux is recommended, there are some capabilities that require a Windows operating system. These capabilities can be offloaded to a standalone Windows install with the primary capabilities running on Linux.

STORAGE

Minimum
Recommended Minimum
Operating System
Windows Server/Linux
Linux*
CPU
2 cores @ 1.8 Ghz
8 cores @ 2.5 Ghz
Memory
4 G
16 G
Storage Space
20 G
500 G



Average Processing Rate
~500 events per minute with 10Mb events ~ 5000 events per minute with 1Mb events
~1000 events per minute with 10Mb events ~ 10000 events per minute with 1Mb events
While TCOC can be installed on the primary disk, we highly recommend using a high throughput storage device for the following storage locations.
Description
Default Location
Content Repository
Holds content of current files being processed as well as any archived data.
/var/opt/tcoc-flowengine/content_repository
FlowFile Repository
Holds event details while being processed. Corruption of this location will result in data loss.
/var/opt/tcoc-flowengine/flowfile_repository
Provenance Repository
Holds event details while being processed. Corruption of this location will result in data loss.
/var/opt/tcoc-flowengine/flowfile_repository
Database Repository
Stores the audited data of user login to the flow, as well as anything that happens within the flow engine.
/var/opt/tcoc-flowengine/database_repository
ZooKeeper Data Storage
Stores the data relating to the current state of the cluster to ensure a consistent environment between nodes.
/var/opt/tcoc-zookeeper

LINUX STORAGE

Because TCOC can handle thousands of events per second, we highly recommend adjusting the ulimit of TCOC storage locations to at least 10240 to reduce the likelihood of decreased performance.

FIREWALL ACCESS

TCOC uses the following network ports for management and processing of events. If a security system is blocking any of these ports it will have a negative impact on TCOC and prevent the processing of event.
Port
Protocol
Environment Type
Description
9443
TCP
Standalone & Cluster
TCOC Web Management
10443
11443
TCP
Cluster*
Inter Node Communication
2181
TCP
Standalone & Cluster
ZooKeeper Communication
2888
3888
TCP
Cluster
ZooKeeper Inter Node Communication
* When a dedicated windows node is used for specific components, these ports also need to be accessible.

ANTI-VIRUS

If not configured properly, regular anti-virus scanning may have a negative impact on both TC Oversight Controls and your data. Scanning certain files and directories could result in negative consequences, such as damaged or permanently lost data. After TC Oversight Controls is installed in your environment, anti-virus scanning must be configured in such a way that certain files and directories are skipped over during a scan. Setting up exceptions in your anti-virus system is required to make sure data needed in the current flow is neither modified nor deleted.

Technically Creative recommends avoiding active anti-virus systems that monitor access to the underlying disk systems used for data storage. These processes store data structures only; nothing is stored that is executable by the underlying operating system. As these processes can be quite active, potentially performing continuous writes against large files, the best performance requires direct, unimpeded access to the underlying filesystem. Any anti-virus system that traps filesystem calls will have a negative impact on system performance.

Required Exceptions
  • Content Repository
  • FlowFile Repository
  • Provenance Repository
  • Database Repository

NETWORKED STORAGE LOCATION

With fault-tolerance and high performance in mind, TCOC can also be installed as a cluster to improve performance. When installing as a cluster there must be a networked storage location to ensure all nodes can access files generated by TCOC.

When installed as a cluster without a networked storage location, all nodes will not be able to process the required files resulting in decreased performance and the possibility for data loss.

ADDITIONAL SOFTWARE

Depending on the capabilities being used; and the environment TCOC is installed for the following software may also be required
Software
Use Description
Elasticsearch
As Elastic partners, we have integrated Elasticsearch into some components of TCOC to provide the ability to perform searches and export data based on predefined queries and requirements at a speed that would not be possible without Elasticsearch.
Redis
When TCOC is installed as a cluster, Redis is used to enable caching of data between nodes to increase throughput of the system.
* When a dedicated windows node is used for specific components, these ports also need to be accessible.

Technically Creative Oversight Controls (TCOC) offers answers
to common compliance questions.