Home → Supercharger KB → FAQ: Frequently Asked Questions → Collector-Initiated (Pull) vs Source-Initiated (Push)
7.1. Collector-Initiated (Pull) vs Source-Initiated (Push)
There are two types of WEC subscription methods: Source-Initiated (aka push) and Collector-Initiated (aka pull). Supercharger creates source-initiated subscriptions for various reasons, for example, performance and security reasons. Below is a comparison chart of each.
Collector vs Source-Initiated Windows Event Subscriptions
***In the chart below, all bold sections are not an issue when using Supercharger for WEC***
| Aspect | Collector-Initiated Subscriptions | Source-Initiated Subscriptions |
|---|---|---|
| Scalability | Less scalable in large environments due to the load on the collector. | Highly scalable as each source initiates the connection, reducing the load on the collector. |
| Ease of Management | Easier initial setup with centralized control. | Requires more complex setup but sources can dynamically discover collectors. |
| Configuration Complexity | Setup and maintenance overhead is complex due to each forwarder having to be manually added to each subscription. | More complex configuration due to the need for individual source settings. |
| Network Efficiency | Can generate more network traffic due to continuous polling by the collector. | More efficient as sources send data only when events occur, reducing unnecessary traffic. |
| Resilience | Event collection stops if the collector goes down, less resilient to network issues. | Sources can buffer events during network issues and send them when connectivity is restored. |
| Security | Collector needs a user account and password on each forwarder. The collector must handle multiple connections. Each forwarder has to be open to incoming connections from the collector(s). | Requires secure communication setup for multiple sources, more challenging to monitor traffic from all sources. |
| Dynamic Environments | Less suitable for environments with frequent changes in sources, manual updates needed for new or removed sources. | Well-suited for dynamic environments as sources can dynamically find and connect to collectors. |
| Performance Bottlenecks | Potential performance issues if the collector is overwhelmed by too many source connections. | Reduces the risk of performance bottlenecks at the collector as each source manages its own connection. |
| Network Overhead | Higher due to continuous polling of sources by the collector. | Lower as data is sent only when events occur, optimizing network usage. |
| Centralized Control | Provides centralized control over the subscription, simplifying management in very small environments. | Less centralized control, but offers flexibility and scalability. |
This page was: Helpful |
Not Helpful