The Spirion Console scales in parallel with the underlying Microsoft technologies (e.g., Microsoft Windows, Microsoft Internet Information Services (IIS), and Microsoft SQL Server); however, this article provides general guidance on hardware sizing.
The required hardware for the console is dependent upon a variety of factors, such as the number of endpoints reporting into the console, the amount of data found on each of the endpoints, the number of searches performed within a time period, and the amount of time the data will be kept online (the console can only report on the data that is kept online in the database).
The application (IIS) server and the database server require specific versions to run the Console. Complete system requirments are detailed in the Console Deployment Guide.
- Minimum Required OS: Windows 2008, 2008 R2, 2012 or 2012 R2 or 2016 (x86 and x64 are supported; however, Itanium is not supported)
- Recommended OS: Windows 2016 x64
- Minimum Required OS: Windows 2008, 2008 R2, 2012 or 2012 R2 or 2016 (x86, x64, or Itanium)
- Recommended OS: Windows 2016 x64
- Minimum Required DB: SQL Server 2008, 2008 R2, 2012, 2014, or 2016. All editions of SQL Server are supported on production systems except SQL Server Compact Edition and SQL Server Express. For evaluation or test deployments that are under 4GB in size (of the data residing in the database), SQL Server Express may be used, but it is not supported for any production deployment.
- Recommended DB: SQL Server 2016 x64
Note: The database server may exist on the same system as the application server or on a separate system. Separate systems with a dedicated, tuned database server are recommended.
For any number of endpoints reporting into the Console, at least 8 CPUs are recommended for each the IIS server and the Database server (either physical CPUs, virtual CPUS, or cores). If both the IIS and Database server are on the same physical system the suggestions in the table below should be doubled. For example, in an environment with 10,000 endpoints and 1 server, there should be at least 24 CPU's (12 for IIS and 12 for the DB). The following chart details suggested processors:
Number of Endpoints
Suggested Number of CPUs per Server (each for IIS and DB)
For any number of endpoints reporting into the Console, at least 16GB of RAM are recommended for the IIS server and 32GB for the Database server. SQL Express is only capable of utilizing 1GB of RAM, so SQL Server Standard Edition or higher must be used in production environments. The suggested amount of RAM can be estimated using the "Identity Finder Console Database Sizing Tool" attached to this article.
When changing the amount of memory available to the SQL Server please ensure that the Maximum Server Memory setting in the SQL Server is modified to reflect the new memory available. The instructions for doing so are in the following linked article:
Database Disk Space
The attached tool, "Identity Finder Console Database Sizing Tool," will assist in planning for the appropriate amount of database disk space. This tool can also be used over time to import statistical data from a console database and provide more accurate sizing information.
To get started:
- Download the file "Console_Database_Sizing_Tool.zip" attached to this article
- Extract the contents of the zip
- Right click on the application "DatabaseSizeEstimator.exe" and select "Run as administrator"
- Accept the default values or modify the seven fields in the "Searches Estimates" section of the Sizing Simulation tab, as desired.
- Select the number of months for which to estimate size.
- Click "Calculate."
The "Estimated Database Size" field will display an estimate of the necessary disk space required by the database to store the data according to the specified estimates.
The "Estimated RAM Required" field will display an estimate of the necessary amount of RAM required by the database server to handle the load generated by the data according to the specified estimates. When the "Estimated RAM Required" field displays “>16GB”, configure the system with at least 32GB of RAM. Over time, a SQL Server database administrator should monitor memory, CPU and disk usage, and console application responsiveness to determine an appropriate amount of RAM for the Database Server.
To get more accurate/detailed estimates, populate information from a database or use the Rows Counts and Columns Sizes tabs to refine the calculations. Also note other factors as described in the Additional Details section of this article.
Sizing Simulation Tab
This tab is used to modify the variables with the most impact for the sizing simulation, specify the number of months for which to display the simulation, and displays the output.
Use the default values, specify individual values, or load real data from an existing console database.
- Number of Reporting Endpoints: The number of unique endpoints that will be reporting search data to the console. If using a single computer to search multiple computers or a network storage location, this would be 1. If using a single computer to search multiple remote computers, the total number of computers searched should be entered. For example, when using 1 machine to remotely search 5 machines, this value should be set to 5 (or 6 if the local machine is also being searched).
- Average Number of Locations per Endpoint: The average number of locations estimated to contain matches on each endpoint.
- Average Number of Matches per Location: The average number of unique matches estimated to be found in each location.
- Average Number of Log Lines per Search: By default, logs are not sent, so this should generally remain 0. When the DLP Endpoint software is configured to send log data, this will vary greatly depending on the type of log messages that are sent. For example, when sending Locations Searched log messages (not recommended), there will be a log entry for each individual location (file, e-mail message, etc) that is searched. It is rarely necessary for any log information to be needed on the console but INFO and possibly ERROR messages may be useful during troubleshooting.
- Searches per Endpoint per Month: The number of searches on each of the Reporting Endpoints each month
- New Locations per Search: The average number of new locations estimated to contain matches that were not found on a previous search of the endpoint.
- Locations Protected per Search: The number of the “Average Number of Locations per Endpoint” that are estimated to have an action performed on them that would cause them not to be found on a subsequent search (this would be any action other than potentially Scrub which may cause the location to be found again, just with less matches (e.g., those that weren’t scrubbed)).
- Specify the number of months for which the data will be retained. For the simulation, keep in mind that there may be service jobs that are scheduled to purge data over time.
Populate from DB...
- When a console database already exists and contains real data, the tool can be used to analyze that data for future storage requirements. In this use case, it is necessary to run the tool locally on the console server (the same location used to run the Console Administrator Tool (CAT)). To use this feature, select "Populate from DB..." and navigate to the folder containing the common.config file. By default, this folder is C:\Program Files\Identity Finder Console
- After making changes to the values on any tab, an XML file can be saved with those settings for loading in a future session of the tool.
Rows Counts Tab
This tab shows a lot of the underlying data that goes into the calculations and can be modified as necessary. For example, the number of AD users that will be sync’d to console can be changed (default 1000) though this and many other values do not have a material impact on database space. Data such as number of tags or number of policies can also be specified. After making modifications, return to the Sizing Simulation tab and select "Calculate."
Columns Sizes Tab
This tab can be used to set some additional, advanced information which shows how much data each field will contain. For example, if AD user names are especially log, that value can be increased.
Columns Sizes Estimates in Characters
- By default, the column size are listed in Characters. When this checkbox is cleared, this value is in bytes.
- The sizing tool does not consider database fragmentation, internal free space, and other internal overhead during calculation; this makes estimation generally more accurate for large rather than small installations.
- The SQL fill-factor is assumed to be 100 (SQL Server's default), this value can be changed by directly editing the XML. More information on the fill-factor is available from Microsoft, here: http://msdn.microsoft.com/en-us/library/ms177459.aspx