DeviceLock Enterprise Server : Consolidating Logs
  
Consolidating Logs
For load balancing, performance, and fault tolerance, large organizations often deploy multiple instances of DeviceLock Enterprise Server to gather data from the endpoints’ DeviceLock Service logs. Unless every DeviceLock Enterprise Server instance is configured to use a common back-end SQL database, the activity data for different users or computers is stored on different servers. Such distributed data storage can delay investigations and reporting when a complete data set is required for all users and computers. Where a common back-end SQL database that all instances can write to is not possible or practical, the problem of multiple standalone DeviceLock Enterprise Server and database instances can be addressed by using DeviceLock’s ability to forward the log data from the separate servers to a “central collection server” that consolidates the logs.
This “central collection” DeviceLock Enterprise Server can be used as central storage for DeviceLock logs from other servers, which are referred to as “remote servers”. Remote servers can send copies of their logs to the central collection server on a scheduled basis. Configuration options allow the selection of which logs to send, and when. The central collection server can be located on an on-premises computer or in the cloud (see Appendix: Consolidating the Logs in the Cloud Using OpenVPN).
Log consolidation enables a data/traffic management scenario in which the remote servers accumulate logs during working hours and forward the accumulated data to the central collection server at night. For example, organizations with branches across multiple geographic areas could deploy servers in their branch offices to collect logs locally during work hours and then forward them to a central collection server after hours. The main advantage of such a deployment is that the collection and forwarding of logs do not overload communication channels between branches during normal working hours. At night, when the channels are mostly idle, it is practical to forward the remote server log data to the central collection server. As a result, the central server collects logs from all branches without any adverse effect on network communication channels, and the full log data set is available for investigation and reporting each morning.
For further details, see Getting Started Using the Consolidation of Logs.