What are the factors which contribute to high CPU usage on Network Prevent for Web servers?
The following applies if there are performance issues on the web prevent servers, also ICAP requests queuing on the proxies like Bluecoat, McAfee etc. The following are a few factors which control the performance on the web prevent server
The following settings on the web prevent servers must be tuned accordingly (under advanced server setting page of the web prevent server and the configure page of the web prevent server)
Number of cores available
MessageChain.NumChains = 2 x Number of cores available
Maximum Number of Requests: 2 x (MessageChain.CacheSize )
The size of the ICAP requests which can be configured through enforce under the configure page of the web prevent server. The smaller the size the higher the CPU utilization. The size is 4KB by default.
The detection time of every single ICAP request. This can be observed by enabling the detection trace logging under file readerlogging.properties (symantecDLP\protect\config\ directory on the detection server), the setting is OFF by default it needs to be switched to FINE, it will generate a file, which would contain how long the detection server takes to process the incoming requests. Generally for 4KB ICAP requests, the time taken to process the requests should be in the range of 100-500ms (this may vary), depending on the complexity of the policies. The policies need to be fine tuned to reduce this processing time which in turn improves performance.
Subscribing will provide email updates when this Article is updated. Login is required.