Scanning and Reputation server client limit?
We are planning to get protection to our VMware VDI-desktops. SVCE seems like very interesting product.
I have video from old webinar, where mr. Harri Ruusinen tell that one Scanning and Reputation server can handle about 100 client machines. What is the reason for that 100 client limit? Does SRS start eating too much memory or Disk IO? What about case that in one physical host we have 300 virtual desktops: scenario 1) We install 3 SRS server, each with 100 client or Scenario 2) we cannot use more than 100 clients after start using SVCE/SRS?
Answers will be appreciated
There is no strict limits for the number of virtual clients. However in practice you should stay below 100 clients or you might encounter problems.
1)Multiplying the SRS instances is indeed the solution to handled a greater number of virtual clients.
I have one question coherent to this topic. Is there any kind of advertence that SRS is under stress etc? I mean how can I check that my SRS is able to serve current number of hosts successfully? Any log message, rejected requests, utilisation, on SRS or host side...
Second question: will be in new version of PMS visible that Offlod scanning is installed? The same as you can see in PMS if Internet shield or Browsing protection is installed and status of them.
Dmitriy Posts: 212 F-Secure Employee
100 clients per 1 SRS is recommendation based on internal tests we did with LoginVSI tool. The SRS can handle more clients and adding more CPU and RAM to the virtual appliance may improve overall performance. However, I'd recommend you to monitor performance of your whole environment (VDI) after initial deployment and be ready to add more SRS instances or adjust CPU/RAM resources based on performance figures.
You should have multiple SRS servers to avoid a single point of failure. What if a "funny" file crashes the virus scanning engine in SRS? It takes time for the services to restart, but the other SRS server(s) could provide un-interrupted scanning service during that time!
What if you have to upgrade SRS version? With multiple servers upgraded one-by-one, any downtime can be avoided for the clients. Remember that F-Secure CS is unable to revert to locally hosted scan engines in case of SRS connection problems.
Best Regards: Tamas Feher, Hungary.