Cloud Insights Workload Security  Fpolicy Best Practice and Recommendations

What are some Best Practices and Recommendations pertaining to Cloud Secure Fpolicy Deployments?

Cloud Secure Specific Recommendations:

• Configuring the ONTAP SVM Data Collector - follow the Before you Begin section for Cloud Insight\Cloud Secure Data Collector Best Practices
• For optimal performance, you should configure the FPolicy server to be on the same subnet as the storage system.

NetApp Specific Recommendations:

• Upgrade to the appropriate versions of ONTAP that have fixes for known fpolicy related issues

  • 1438207 - FPolicy might stop sending screen requests to the external engine if it enters a throttling state

• For Cloud Secure External Engines, set send-buffer-size  to 1MB or greater

  • via the Cloud Secure UI, there is an option to set "Set ONTAP Send Buffer size" (1MB to 6MB)

• To lessen the potential impact of latency, set abort timeout lower, for example: 5s.

If there is a large amount of latency between the Collector and the SVM, it can cause a delay in the TCP acknowledgements, and potential impact to latency in very rare occasions.

To decrease end-user latency in cases where there are connection issues or CPU starvation on the collector, it is recommended to lower the "Timeout for Aborting a Request" from 40 to 5 seconds.

Please NOTE this value is automatically set by Cloud Secure.

General Recommendations:

• Ensure Data Collectors are appropriately sized based on number of events seen.

  • Use tools available on Agent - SVM Event Rate Checker

    • NOTE: Take special care in running the SVM Event Rate Checker against Existing Fpolicy Configurations or systems which are highly utilized.
      Best practice to help minimize performance impact is run the tool at less utilized times or maintenence windows.

  • Create Cloud Insight FPolicy Dashboards - How to create a dashboard in Cloud Insight to determine Fpolicy request rate