Detailed Results
Using the aforementioned methodology, and the configuring DLP as explained in the configuration section, a maximum endpoint server capacity test was performed. In the tested scenario, each of the five endpoint simulator running VMs can simulate up to 5,000 clients, and additional 150 clients for incident injection for a total of 25,150 clients for all VMs, of which 25,012 endpoints registered. For this test the RAP feature was disabled.
Configuration components with their size for this test are as follows:
- Resource resolver - a subset of the imported user directory is saved on the client – 1MB.
- Policy – all active policies relevant to the client is also downloaded. This includes additional classifier files such as scripts, dictionaries and DLibs – 2.5MB.
- Profile – Holds the endpoint profile relevant to the client, defines communication with the endpoint server, update timers etc. – 42KB.
- Fingerprints – The endpoint client holds relevant fingerprint database (FPNE) to allow fingerprint classification – 27MB.
| Component Name | Size |
|---|---|
| Resource resolver | 1MB |
| Policy | 2.5MB |
| Profile | 0.042MB |
| Fingerprints | 27MB |
This brings the total configuration size to about 30.5MB per client.
Each of these components is updated individually so if for example between update intervals only the Policy component changes, only it will be updated, not downloading the other up-to date components
In addition, every endpoint client pings the endpoint server in a set interval. In this test a value of 10 minutes was used.
The various test stages attempt to simulate real-life usage scenario for the endpoint server. Initially, the server starts and starts receiving registration requests from the endpoint clients that are connected to it. During this update interval – the ramp up stage, each endpoint contacts the endpoint server once, which in turn registers it. Upon the first time an endpoint client is connected to the endpoint server, all configuration components are downloaded for each. This is the stage where server utilization is the highest.
The ramp up stage is followed by an idle update interval – this is the most common state the endpoint server resides in – endpoints are connected and sending periodic updates, with no configuration updates needed.
The following steps cover all possible configuration change scenarios. Policy Update, occurs when the policy configuration component change, when DLP policies are modified. Profile Update, occurs when the profile configuration component change, when endpoint profiles are modified. Fingerprint Update, occurs when the fingerprinting component is updated, when fingerprint databases change.