When planning the deployment for switching Core Protection Module (CPM) endpoints from default Conventional Scan method to Smart Scan method, refer to the following information for recommended numbers of CPM endpoints before starting deployment.
The following table describes the Smart Protection Relay test environment:
|Specifications||Standard Machine||Low-end Machine|
|Processor Type||Intel Dual Core 2 2.66 GHz||Intel Pentium 4 2.8 GHz|
|Memory||2G RAM||1G RAM|
|Hard Disk||250 GB||200 G|
|Network Card||1G NIC||1G NIC|
The following table shows the recommended number of CPM endpoints for extreme scenarios. Extreme scenarios include situations like the first 24 hours after switching CPM endpoints to Smart Scan method, or everyone coming back to work after a two-week long holiday.
|Specifications||Recommended Number of CPM Endpoints||SPU Usage of SPR|
For CPM v10.5, Trend Micro suggests deploying one layer relays for best performance. That means all Smart Protection Relays will directly query Smart Protection Servers. Administrators can determine how many Smart Protection Servers they need to deploy based on the number of CPM endpoints under Smart Protection Relays.
To reach the maximum capacity for one Smart Protection Server, Trend Micro suggests deploying Smart Protection Server on high-end machines.
The following table describes the Smart Protection Server test environment.
|Model||Dell PowerEdge R710|
|Processor||Two Xeon Quad 2.27 GHz|
|Hard Disk||1.63 TB|
|Network Card||1G NIC|
The capacity data and VM environment details in the test results shown in the table below are based on dedicated virtual machine resource usage (including virtual processors and memory).
Trend Micro also suggests this configuration to achieve supporting the recommended number of CPM endpoints listed in the table below. If the machine hosting Smart Protection Server is resource shared by other VMs, performance and scalability may drop depending on the system resource arrangements for the other VM applications on the same host machine.
|Recommended Number of CPM Endpoints||50,000|
For the recommended 50,000 CPM endpoints, Trend Micro suggests switching CPM endpoints to Smart Scan method in batches. One batch at most should not have more than 5,000 endpoints.
After all endpoints are switched to Smart Scan method, it is also suggested to configure scheduled scans in batches to avoid heavy traffic between Smart Protection Server/Relay and CPM endpoints. Again, in a corporate with 50,000 CPM endpoints, one batch at most should not have more than 5,000 endpoints running scheduled scan simultaneously.
Smart Protection Relay's default network throttle settings can be used when outbound bandwidth is more than 20 Mbps. With default settings, Smart Protection Relay will only use up to 9 Mbps on a 20 Mbps network environment.
If the total outbound bandwidth is less than 20 Mbps, please use the BigFix Fixlet to customize the bandwidth that a Smart Protection Relay is allowed to use. Supported outbound bandwidths are:
The network throttle settings that a Smart Protection Relay uses and their recommended number of smart scan endpoints supported under different bandwidth settings are listed in the table below:
|Total Outbound Bandwidth (5 profiles)||Total Network Throttle for Smart Protection Relay||Network Throttle for Smart Protection Relay - Smart Query Filter Update||Recommended Number of Smart Scan Endpoints|
|256 Kbps||90 Kbps||45 Kbps||8|
|512 Kbps||150 Kbps||45 Kbps||20|
|2 Mbps||614 Kbps||184 Kbps||80|
|6 Mbps||1.8 Mbps||552 Kbps||245|
|10 Mbps||3 Mbps||921 Kbps||410|