Endpoint Protection

 View Only

  • 1.  iSCSI backup server very slow after SAV CE 10.1 -> SEP 11 RU5 upgrade

    Posted Dec 18, 2009 09:07 AM
    We have a Server 2003 R2 box with iSCSI disks attached. Each night our disk imaging program running on each server copies the new disk image to this system. With RU5 running the backups take a couple of hours longer than before and they're still running when the business opens, which is a big issue. With SAV CE 10.1 there were no issues.

    We have network scanning turned off and we do use Device Control to keep USB usage monitored. If we shut RU5 down the backups run at a normal speed.

    Any thoughts would be greatly appreciated.

    Ray


  • 2.  RE: iSCSI backup server very slow after SAV CE 10.1 -> SEP 11 RU5 upgrade



  • 3.  RE: iSCSI backup server very slow after SAV CE 10.1 -> SEP 11 RU5 upgrade

    Posted Dec 18, 2009 09:46 AM
    Thanks for the pointer but this is a different issue. We use a program called DriveSnapshot http://www.drivesnapshot.de/en/ that runs on each server. It creates an image of the server and sends it off to the server with the iSCSI drives.

    The problem is not with DriveSnapshot creating the image. The problem is that writing the file to the backup server with the iSCSI drives is taking a lot longer.

    I'm wondering if Device Control is treats the iSCSI drives as "devices"and getting in the way. We need USB device control on the backup server, of course, or someone could run off with all of our backups and protecting the servers themselves would be semi-pointless.

    Ray


  • 4.  RE: iSCSI backup server very slow after SAV CE 10.1 -> SEP 11 RU5 upgrade

    Posted Dec 18, 2009 09:46 AM
    Thanks for the pointer but this is a different issue. We use a program called DriveSnapshot http://www.drivesnapshot.de/en/ that runs on each server. It creates an image of the server and sends it off to the server with the iSCSI drives.

    The problem is not with DriveSnapshot creating the image. The problem is that writing the file to the backup server with the iSCSI drives is taking a lot longer.

    I'm wondering if Device Control is treats the iSCSI drives as "devices"and getting in the way. We need USB device control on the backup server, of course, or someone could run off with all of our backups and protecting the servers themselves would be semi-pointless.

    Ray


  • 5.  RE: iSCSI backup server very slow after SAV CE 10.1 -> SEP 11 RU5 upgrade

    Posted Dec 18, 2009 10:28 AM
    its possible.
    NTP might be inspecting the data which is passed through
    anything in the NTP logs

     


  • 6.  RE: iSCSI backup server very slow after SAV CE 10.1 -> SEP 11 RU5 upgrade

    Posted Dec 18, 2009 09:51 PM
    You could also try creating an exclusion for the image file type.

    Z



  • 7.  RE: iSCSI backup server very slow after SAV CE 10.1 -> SEP 11 RU5 upgrade

    Posted Dec 18, 2009 10:02 PM
     The above are all good possible solutions to the problem.

    Make sure NTP is not running on any servers.  I prefer just AV only myself
    Exclude the image file type from auto-protect
    disable any network file scans
    And finally, perhaps if you must have NTP, create a rule to either allow iSCSI traffic and/or create a signature for IPS to not scan iSCSI traffic
    Or another firewall rule would be an any<>any rule for that iSCSI adapter.




  • 8.  RE: iSCSI backup server very slow after SAV CE 10.1 -> SEP 11 RU5 upgrade

    Posted Dec 19, 2009 12:55 PM
    Thanks to all. Not having USB protection is not an option per our federal regulators. NTP is supported on servers per the manual and Symantec support, despite what has been written elsewhere here by Symantec employees.

    The firewall is installed but disabled in case we need it for outbreak remediation.

    I'm not even sure iSCSI is the issue but it's the only difference between this server and others that work well.

    I'll post back if we figure anything out.

    Ray