DII Storage Workload Security  Fpolicy Best Practice and Recommendations

What are some Best Practices and Recommendations pertaining to Storage Workload Security Fpolicy Deployments?

Storage Workload Security Specific Recommendations:

• Configuring the ONTAP SVM Data Collector - follow the Before you Begin section for Data Infrastructure Insight (DII)\Storage Workload Security Data Collector Best Practices
• For optimal performance, you should configure the FPolicy server to be on the same subnet as the storage system.

NetApp Specific Recommendations:

• Upgrade to the appropriate versions of ONTAP that have fixes for known fpolicy related issues

  • 1438207 - FPolicy might stop sending screen requests to the external engine if it enters a throttling state

• For Storage Workload Security External Engines, set send-buffer-size  to 1MB or greater

  • via the Storage Workload Security UI, there is an option to set "Set ONTAP Send Buffer size" (1MB to 6MB)

• To lessen the potential impact of latency, set abort timeout lower, for example: 5s.

If there is a large amount of latency between the Collector and the SVM, it can cause a delay in the TCP acknowledgements, and potential impact to latency in very rare occasions.

To decrease end-user latency in cases where there are connection issues or CPU starvation on the collector, it is recommended to lower the "Timeout for Aborting a Request" from 40 to 5 seconds.

Please NOTE this value is automatically set by Storage Workload Security.

General Recommendations:

• Ensure Data Collectors are appropriately sized based on number of events seen.

  • Use tools available on Agent - SVM Event Rate Checker

    • NOTE: Take special care in running the SVM Event Rate Checker against Existing Fpolicy Configurations or systems which are highly utilized.
      Best practice to help minimize performance impact is run the tool at less utilized times or maintenence windows.

  • Create DII FPolicy Dashboards - How to create a dashboard in DII to determine Fpolicy request rate