When using the Control Compliance Suite (CCS) console local to the CCS application server (same LAN and/or geographical location) - the console works fine. However, when using the console to connect from remote locations, the console could be slow to start up (over 15 minutes) and eventually produce an error reporting it failed to retrieve data.
The Symantec CCS Console component design generally allows for a robust experience for end users on most networks. The design is primarily as a Local Area Network (LAN) tool however several use cases were considered to also provide the best reasonable experience on a Wide Area Network (WAN) as it is anticipated that in many cases remote users will require access to the system. Functional results proved very effective on WAN connections provided adequate throughput is available and free of TCP/IP performance inhibiting conditions.
A strong business case was seen by our customers and partners to load workspaces which display not only a list of highest level folders and leaf objects but also contain all properties associated with each object in the organizational structure. As a network tool each time a workspace is accessed network connection calls must be initiated to access the required data. Therefore, if only a list of high level objects were returned when the workspace opened then users would experience connection related delays every time they tried to access a lower level folder or read the properties of objects.
Enterprise installations are expected to contain hundreds of thousands of assets, very large numbers of standards checks, job runs, etc resulting in many workspaces and the associated data requiring network bandwidth to receive. Testing demonstrated that as network performance or throughput degraded CCS Console read time increased, sometimes to an unacceptable level for satisfactory customer usage.
Since the console uses TCP to communicate with the CCS Application Server any network issues related to high latency, packet loss, packet reordering has a negative impact on the console performance. This behavior is expected as the network issues described above exponentially negatively impact the QoS of a TCP connection.
Consultation with product stakeholders identified the best solution for slow read times across the WAN to be a remote desktop connection (RDP) into the datacenter to run the console on one of the CCS Core components deployed there. RDP works much better over slower network connections since the CCS data transfer happens inside the core network with transmission of only the graphical changes required to update the display for the client.
Therefore when it comes to WAN links negativly affected by high latency, packet loss and packet reordering, Symantec recomments an RDP connection into the datacenter to run the console from there.
Control Compliance Suite version 9, 10, 10.5 and 11