About deploy ATA in forest with many domain, and child domain RRS feed

  • Question

  • I need to deploy for 1 enterprise have 1 forest with multi domain, and child domain. And i want ask you that  can I deploy 1 ATA gateway to collect all network traffict from all domain, and is need this ATA gateway server join domain. If it need to join domain, its  should join domain root, or it can join any domain belong this forest. 

    And add 1 question, i just configure port mirroring to send all traffict from DC to ATA gateway, and ATA gateway auto caputer and analystic. Do i need do anything else?

    Thank you.

    Tuesday, August 30, 2016 4:35 AM


All replies

  • Hi,

    An ATA center can monitor a single AD forest (single or multi-domain).  So you will need 1 ATA Center.  To get the DC traffic a GW can monitor 1 or more DCs from 1 or more domains.  You could also use LWGW and install on each DC.  I recommend you run the ATA sizing tool (http://aka.ms/atasizingtool) to see how many packets your DCs are receiving.  Use the busy column on both Center and DCs to see what CPU/Memory you need.

    See: https://docs.microsoft.com/en-us/advanced-threat-analytics/plan-design/ata-capacity-planning

    • Marked as answer by tranguyen1459 Tuesday, September 6, 2016 8:03 AM
    Wednesday, August 31, 2016 2:42 PM
  • thanks you for reply, i can ask you 1 question, its  not relate with above question?

     i want to ask a bout deploy RMS connector, and can be MFA connector. This time, i deploy EMS and its include Azure RMS, with MFA to enterprise, but they just sync some user in group is defined by them. So i should deploy rms connector, and mfa connector to secure their exchange or no. And if no deploy there, so rms, and mfa just effect with user sync and use office 365, is it right? 

    Tuesday, September 6, 2016 8:04 AM