Professional Documents
Culture Documents
Version 15.1
Symantec™ Data Loss Prevention Endpoint Server
Scalability Guide
Documentation version: 15.1
Legal Notice
Copyright © 2018 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo and the Checkmark Logo are trademarks or registered trademarks of
Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks
of their respective owners.
This Symantec product may contain third party software for which Symantec is required to provide attribution
to the third party (“Third Party Programs”). Some of the Third Party Programs are available under open
source or free software licenses. The License Agreement accompanying the Software does not alter any
rights or obligations you may have under those open source or free software licenses. Please see the
Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec
product for more information on the Third Party Programs.
The product described in this document is distributed under licenses restricting its use, copying, distribution,
and decompilation/reverse engineering. No part of this document may be reproduced in any form by any
means without prior written authorization of Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE
DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY
INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL
DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS
DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO
CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software as defined
in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer
Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and
Commercial Computer Software Documentation," as applicable, and any successor regulations, whether
delivered by Symantec as on premises or hosted services. Any use, modification, reproduction release,
performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government
shall be solely in accordance with the terms of this Agreement.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com
Contents
Agents The tests used three host systems that each ran 10,000
simulated DLP Agents.
■ Gramm-Leach-Bliley
■ HIPPA and HITECH
■ Keyword
Incidents generated during testing During the eight-hour test, the simulated agents sent one
Clipboard incident every three hours. The incidents were
triggered by either keyword matches or EDM matches
(which uses two-tier detection).
Events sent during testing The simulated agents sent the following events:
Figure 2-1 shows the architecture that was used for testing.
Note: The tests were performed a minimum of three times and performance measurements
were averaged among the test results.
Performance measurements
The following aspects of Endpoint Server performance were measured:
■ Overall CPU usage
■ CPU usage of Endpoint Server processes
■ Overall system memory usage
■ Memory usage for all Endpoint Server processes
■ Process crashes and restarts
■ Disconnection of agents (if any)
■ Number of disconnected agents
■ Time that is required for all agents to reconnect
■ Time that is required for a new policy to reach all agents
Testing methodology 11
Test scenarios and execution
■ Test results
■ Deployment recommendations
Test results
Table 3-1 describes the scalability test results.
Observation Description
Observation Description
Number of agents supported with persistent connection If agents are set up to connect to the Endpoint Server
using a persistent connection, 10,000 agents are supported
to connect.
Table 3-2 lists the Endpoint Server performance test results based on scenario.
Deployment recommendations
Symantec recommends the following based on the test results.
■ Host the Endpoint Server on a physical computer that is dedicated only to the functions of
the server.
■ Use server-grade computers with a minimum of 16 GB RAM and 4-core processors.
Note: Increasing CPU and memory resources is not directly proportional to the ability of an
Endpoint Server to support additional agents.
■ Consider that networking speed, latency, and the use of load balancers in the network can
affect the overall performance of the Endpoint Server.