An Object Directory with 5000 users and 5000 systems could be expected to grow as follows:

Typical Growth of 5000 user/machine Object Directory

Day    Data Size    Approx Disk Space Used
1      83 MB        143 MB
5      89 MB        143 MB
20     204 MB       403 MB
50     396 MB       745 MB
100    747 MB       1050 MB
365    2455 MB      3900 MB

Users and systems are the most prevalent object types in a large database. Typically, on creation, these types of objects take 4000 bytes. A day's audit adds around an additional 700 bytes of data per object. Although these figures are very small, because of wasted space on the Object Directory Server's hard disk, the actual disk size occupied by the Object Directory can be 4x larger or more.
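As an added worked example (not from the guide), the per-object figures above turned into a small capacity estimator. The file layout assumed in disk_bytes (attributes spread over several small files, each rounded up to a whole cluster) is an assumption used to show why on-disk usage can run several times the raw data size; the guide's own table comes from field measurements, not from this model.

```python
from dataclasses import dataclass

BYTES_AT_CREATION = 4000   # per user/machine object (figure from the guide)
AUDIT_BYTES_PER_DAY = 700  # added per object per audited day (from the guide)
MB = 1024 * 1024

@dataclass(frozen=True)
class Estimate:
    day: int
    data_mb: float  # logical data held for all objects
    disk_mb: float  # assumed on-disk footprint including cluster slack

def raw_bytes(objects: int, days: int) -> int:
    """Logical size: creation cost plus accumulated daily audit per object."""
    return objects * (BYTES_AT_CREATION + AUDIT_BYTES_PER_DAY * days)

def round_up(size: int, cluster: int) -> int:
    """Bytes a file of `size` really occupies: whole clusters, at least one."""
    return max(1, -(-size // cluster)) * cluster

def disk_bytes(objects: int, days: int, cluster: int = 4096,
               attr_files: int = 4) -> int:
    """Assumed layout (not from the guide): an object's 4000 attribute bytes
    are spread over `attr_files` small files plus one audit file growing
    700 bytes/day; each file is rounded up to a whole cluster. Many small
    files on large clusters is what inflates the on-disk footprint."""
    per_attr_file = round_up(BYTES_AT_CREATION // attr_files, cluster)
    audit_file = round_up(AUDIT_BYTES_PER_DAY * days, cluster)
    return objects * (attr_files * per_attr_file + audit_file)

def growth_table(objects: int, days=(1, 5, 20, 50, 100, 365), **model):
    """Rows in the shape of the guide's growth table, under the model."""
    return [Estimate(d, round(raw_bytes(objects, d) / MB, 1),
                     round(disk_bytes(objects, d, **model) / MB, 1))
            for d in days]

def days_until_full(objects: int, capacity_mb: float, max_days: int = 3650,
                    **model) -> int:
    """First day the assumed footprint exceeds capacity_mb, or -1 if never
    within max_days (growth is monotonic, so a linear scan is enough)."""
    for day in range(max_days + 1):
        if disk_bytes(objects, day, **model) > capacity_mb * MB:
            return day
    return -1

if __name__ == "__main__":
    for row in growth_table(10_000):  # 5000 users + 5000 systems
        print(f"day {row.day:>3}: data {row.data_mb:>7.1f} MB, disk {row.disk_mb:>7.1f} MB")
    print("1000 MB volume exceeded on day", days_until_full(10_000, 1000))
```

Passing a larger `cluster` (for example 65536) shows how the same data balloons on a volume formatted with big clusters, which is the effect the paragraph above warns about.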

 

 

Virtual Servers

McAfee Endpoint Encryption Manager can be run from a Virtual Server for lower numbers of Endpoints. McAfee recommends physically dedicated hardware for high numbers of Endpoints. Performance of virtual systems is dependent on many factors that can significantly affect the overall product performance when compared to physically dedicated hardware. High-speed access to the data within the Object Directory is required and must be carefully considered and evaluated in a Virtual Server environment.

Current testing of Virtual Servers running EEPC operates within a set number of database objects. McAfee's experience shows that performance issues arising from the use of Virtual Servers are a result of:

- Lack of resources dedicated to the virtual server.
- Dynamically assigned resources on the virtual server, which starve it of the necessary performance during peak periods.
- Slow or reduced disk access, resulting in slower access to the Object Directory.

McAfee supports the use of Virtual Servers running the administrative functionality of EEPC provided the appropriate resources are fully dedicated to the Virtual Server at all times. If performance problems are experienced, the resources available to the Virtual Server need to be increased. Please refer to the recommended server specifications as the minimum resources fully assigned to the Virtual Server at all times. These resources apply to the specific image, and not to the overall resources of the host.

Customers need to follow the recommendations of McAfee Support and raise a support ticket for issues related to a Virtual Server. These recommendations can vary from tweaking of server and machine settings as specified in this guide all the way to moving the EEPC management environment to physical hardware as a last resort if necessary. By engaging McAfee Professional Services, they will assist you in adequately scoping your deployment hardware needs and can recommend a best-practices approach.

As the technology is evolving and better VM farms are coming online, virtual hardware support for greater numbers should be possible. Please see McAfee KB 65747 for more information. This will be reviewed for the next major release (version 6.0, ePO integrated).
