Clustered Intruson Detection System

Ideas for creating a scalable architecture for very large enterprises.

• Create a LINUX-based IDS appliance with clustering enabled.
• After establishment of first node, additional nodes can be dropped in and configured directly into the cluster.
• Added nodes will pull configurations from existing nodes and self-configure after initial node config.
• Once finalized, nodes will form cluster and share CPU, memory, and application space. This provides drop-in scalability merely by adding more appliance units and configuring.
• Incoming spanned traffic will have to be load balanced among promiscuous NICs.