This section describes the recommended system structure when Systemwalker Desktop Keeper is used.

The whole image of the system structure of Systemwalker Desktop Keeper is as follows:

This describes the setting standard for the Management, Master Management Server and the Log Analyzer Server. When using the log analysis function or the report output function, please determine the structure after judging the respective setting standard of the Management Server/Master Management Server or the Log Analyzer Server comprehensively.

The number of Management Servers required can be judged according to the number of clients (CTs) being managed and whether file operation logs are collected.

Up to 5000 clients (CTs) can be connected with one Management Server. The standard is as follows:

[When not to collect operation logs]

• Please take a maximum of 5000 clients as a standard.

[When collecting file operation logs]

• Please take a maximum of 1000 clients (assume that there are 1000 logs per day) as a standard.

[When not to collect file operation logs]

• Please take a maximum of 2000 clients (assume that there are 500 logs per day) as a standard.

If the number of clients (CTs) connected with one Management Server exceeds the standard, it is better to add more Management Servers, and equally allocate those clients (CTs) under each Management Server. Meanwhile, one Master Management Server should be set.

When the log analysis function and report output function are used, the number of needed Log Analyzer Servers can be judged.

Judgment of the number of Log Analyzer Servers to be set can be performed according to the following three points:

• Organization structure

  Log analysis and report output of Systemwalker Desktop Keeper is performed in the unit of the Log Analyzer Server.

  If a specific organization (company) uses multiple Log Analyzer Servers, neither the aggregation of the whole organization (company) nor its whole organization (company) can be summarized in one report.

  Therefore, it is necessary to consider organization structure, determine the aggregation unit and report summarization unit and set the Log Analyzer Server accordingly.

• Aggregation condition

  In order to analyze and aggregate logs, set “Screening Condition” and “Exclusion Condition” in the unit of the Log Analyzer Server.

  Set the keyword for log aggregation, etc., in “Screening Condition”. Set the PC that is not the aggregation target in “Exclusion Condition”.

  Therefore, if the same Log Analyzer Server is set when conditions completely change with organization, the range of conditions will be enlarged too much, which may lead to lower accuracy of analysis. It is necessary to set the Log Analyzer Server in the organization unit with relatively similar conditions.

  For what kind of conditions should be set, please refer to “1.2.7 Determine Analysis Condition of the Log Analyzer”.

• Amount of logs

  When the amount of logs being analyzed or aggregated is too great, the aggregation process may take some time, and an error may occur.

  Please take up to 180 million logs (this number comes from one year of collection, with 500 PCs with 1000 logs collected on each PC per day) to be analyzed on one Log Analyzer Server as a standard. In addition, please take around 500 thousand logs to be moved in at most per day as a standard.

  When this standard is exceeded, consider adding more Log Analyzer Servers.

  
  

In addition, apart from examining the above factors, the relationship with the Management Server/Master Management Server should also be considered.

The Log Analyzer Server can be installed on the computer with the Management Server/Master Management Server installed. In addition, it can also be installed on a computer that is different from the one with the Management Server/Master Management Server installed.

Log information of multiple Management Servers/Master Management Servers can be analyzed on one Log Analyzer Server. However, log information on one Management Server/Master Management Server cannot be distributed to multiple Log Analyzer Servers for analysis and aggregation.

In addition, the environment between the Log Analyzer Server and the Management Server/Master Management Server should enable the setting of a network shared folder. The shared folder is created on the Log Analyzer Server.

The following information is transferred from the Management Server/Master Management Server to the Log Analyzer Server using this shared folder:

• Operation logs collected on the Management Server/Master Management Server

• Administrator information

The transmission schedule can be set separately, but it is recommended to perform this during the night while business is stopped. Log transmission cannot be performed multiple times in one day.

The system structure of the Management Server/Master Management Server and the Log Analyzer Server includes the following two patterns:

[When setting Log Analyzer Server for one Management Server]

When operating with one Management Server, please configure the Log Analyzer Server on this Management Server. However, when hardware requirements are not satisfied, it is okay to use another server.

[When setting Log Analyzer Server for multiple Management Servers]

When operating with multiple Management Servers/Master Management Servers, it is necessary to add Log Analyzer Servers based on the number of clients (CTs) and the log saving period on the Log Analyzer Server.

The setting standard of one Log Analyzer Server is as follows (calculated from 1000 logs as the log amount of one CT per day):

Log Saving Period	Number of CTs managed in the Log Analyzer Server	Average number of Management Servers (including the Master Management Server) (Notes)
2 months	3000 pcs	6 pcs
3 months	2000 pcs	4 pcs
6 months	1000 pcs	2 pcs
12 months (1 year)	500 pcs	1 pcs

Notes: Calculated from 500 CTs managed by one Management Server.

If the log saving period is 2 months, the structure example of 1 Master Management and 5 Management Servers (average number of CTs of each server is 500) is as follows: