Data Center Security Server Advanced and Virtual Pooled Memory

book

Article ID: 172042

calendar_today

Updated On:

Products

Data Center Security Monitoring Edition Data Center Security Server Data Center Security Server Advanced

Issue/Introduction

You would like to know if you should use Pooled or Reserved resources when deploying Data Center Security Server Advanced (DCS:SA) on a virtual machine.

Cause


Pooled Resources:

When a Virtual Machine (VM) is set up with Pooled Resources this means it is given access to a set amount of a resource such as CPU's, RAM, Hard Drive, and Network Interface. However this does not mean the full allotment of resources is available at any given time to this VM. The VM will be sharing these resources with other Machines.

Example: A VM has been given 4 CPU's and 8 GB of RAM from a Pool containing 12 CPU's and 32 GB of RAM. There are five separate VM's with an identical footprint sharing this pool. Mathematically this means there are not enough resources in the Pool for all five VM's to have their full allotment available at all times. However the VMware Administrator has determined that these servers rarely reach maximum utilization, so this is a good way to prevent underutilization of their resources. This is fairly standard practice in most virtual environments.

Reserved Resources:

When a VM is considered Critical to the operation of the business, such as a DNS or LDAP server, it is usually considered best practice to reserve its resources. This prevents a Critical System from not having access to the resources it needs at peak times. Reserving resources means that the entire allotted amount of CPU, RAM, etc are only available to this VM and cannot be shared or accessed by other VM's. However logical this may seem, some feel this leaves those resources "laying around doing nothing" when the Critical Systems are not utilizing them.

A key benefit of Virtual Environments is that you can maximize the utilization of available hardware resources.

Environment

VMware Virtual Servers

Resolution

When working with Security Software, such as our DCS:SA Manager, it is important that the machine be properly sized for the workload. At times this workload will increase due to outbreaks, additional agents being added, logging levels being increased, etc.

When a DCS:SA Manager tries to utilize its available resources, and it cannot because a portion of its allotment is being used by another VM, this can result in anything from odd agent status behavior too service crashes. 

DCS:SA Managers require dedicated reserved resources for both CPU and Memory as we utilize Java memory management. You can either configure a reserved Pool, or specify those reservations on each VM that is functioning as a DCS Manager.