Information Centric Analytics (ICA) imports data from data sources, calculates normality and risk scores, generates event scenario and risk model instances, and performs a variety of application and database maintenance tasks through SQL Server Agent jobs. The primary job is the RiskFabric Processing job, which runs once a day (its default schedule is nightly at 00:15). The RiskFabric Intraday job is an optional secondary job that performs a subset of these tasks and is typically scheduled to run every two hours during the day.
In addition to these jobs, ICA installs a handful of ancillary jobs, some of which are optional:
A production ICA environment should be provisioned with adequate resources to enable users to effectively access and use the ICA console while the RiskFabric Intraday Processing job and various ancillary jobs are running (with the exception of the RiskFabric DB Maintenance Weekly job). If users are unable to do so, review the Resolution section of this article.
Version : 6.x
Component : Microsoft SQL Server
As noted in the ICA Administrator Guide, because ICA processes and analyzes vast quantities of incident, event, and other security data, the database server hosting Microsoft SQL Server should be dedicated exclusively for Symantec ICA and not shared with other applications or services. Database backup and maintenance tasks should be scheduled outside of operating hours and should not be scheduled to run concurrently with any of ICA's scheduled jobs.
If users report perform console performance, note the day and time at which this is occurring and review the SQL Server Agent job schedules on the SQL Server hosting the ICA database. If either the nightly or intraday job is the sole job running at the time the console performs poorly, work with your database administrator (DBA) to identify the resource or resources that are constrained and take appropriate steps to increase the availability or capacity of those resources (i.e., RAM, CPU, disk I/O and available space, etc.). Consult the following section of the ICA Administrator Guide to determine whether your environment meets Broadcom's minimum recommended specifications:
For hardware sizing, it is assumed that all servers are dedicated exclusively for Symantec ICA. Of the primary system resources (processors, memory, network, and storage), the resources for storage are the most difficult to estimate for the Symantec ICA life cycle. The following items should be included in storage calculations:
The following recommendations are also taken from the ICA Administrator Guide:
If you find custom or third-party jobs are running at the time at which the console performs poorly, ensure that these jobs aren't running concurrently with any of ICA's jobs. For database maintenance tasks, disable those jobs that are duplicative of index defragmentation operations performed by ICA's RiskFabric DB Maintenance Weekly. Disable third-party jobs whenever possible; when not possible, either schedule these jobs to run outside of operating hours or work with the third-party vendor to determine ways these jobs can be modified to reduce resource contention.