Data Loss Prevention

 View Only

  • 1.  Email Prevent Server Load analysis / performance assesment

    Posted Jan 15, 2018 05:05 AM

    Hi all,

     

    I wanted to know, how do you do performance assesment for Email Prevent Servers? I need to do load analysis / performance assesment and come-up with report for one of my client for Email Prevent servers.

    Just wondering what are the data point to be collected to prove the system performance is okay? Please share your thoughts and any report format if someone has done it before.

     

    Any input will be appriciated.

     



  • 2.  RE: Email Prevent Server Load analysis / performance assesment

    Trusted Advisor
    Posted Jan 18, 2018 07:21 PM

    Hi,

     It depend of your architecture, but there is different way to do this :

    - You could send some test emails and do some measurement between system upward and downward your DLP system to see what is latency induced by your email prevent servers

    - You could activate higher log level during a certain amount of time (in logs page on enforce UI you have a email prevent config which switch server to verbose mode, easy to apply no restart needed and you could go back to normal logs in same way). these verbose logs will provide you some time processing measurement at DLP level. Of course this wont include latency induced by network component.

    - You could also used symantec document about this which gives some values for this induced latency. I know that client may not trust vendor information but it is a good start.

    - You could devellop your own tool to perform this measurement by sending email to prevent server and receiving email from prevent and then measure time between two.

     Regards



  • 3.  RE: Email Prevent Server Load analysis / performance assesment

    Posted Jan 18, 2018 09:03 PM

    Thanks, stephene

    appriciate your input



  • 4.  RE: Email Prevent Server Load analysis / performance assesment

    Trusted Advisor
    Posted Jan 19, 2018 02:57 PM

    Umar,

    in reallity whenit comes to Email Prevent the perfromance is based on how much email is being pushed from the MTA to the DLP server and how many connections are opened an processed... 

    Thsi can be tuned so there is never too much of a latency.

    In addition the reality is people do not see email as having to be an instant process.. some email may take a few minutes to get to the destination. So just make sue to follwo the sizing gudie and then configure the number of connectison to match the MTA and there will never be a problem, and if there is a backlog of emails on the MTA then increase the number of connections on both ends and possibly scale the number of DLP servers and put a load balancer in front or MX round robin,

     

    Good Luck

    Ronak

    PLEASE MARKED SOLVED WHEN POSISBLE