cancel
Showing results for 
Search instead for 
Did you mean: 

Does Mcafee Offload scan server need to be on the same Hypervisor?

Hi,

Is it necessary to have Mcafee Offload scan server on the same hypervisor?

Thanks

Shubham Arora

9 Replies

Re: Does Mcafee Offload scan server need to be on the same Hypervisor?

Quick response on this would be highly appreciated.

Thanks

Shubham Arora

Re: Does Mcafee Offload scan server need to be on the same Hypervisor?

For the Multiplatform scanners, they do not have to be on the same server. Just the same datacenter. The Agentless option (vShield) requires a single one per hypervisor.

Re: Does Mcafee Offload scan server need to be on the same Hypervisor?

Any specific reason for why they need to be in the same datacenter?

Thanks

Shubham Arora

Re: Does Mcafee Offload scan server need to be on the same Hypervisor?

Because you really don't want to pass that network traffic across slower network links. Oh, it will function but you won't like the results. Theoretically, you can slow down the link between the agent the MP scanner to dial up and it will probably function.

bmeckle
Level 7
Report Inappropriate Content
Message 6 of 10

Re: Does Mcafee Offload scan server need to be on the same Hypervisor?

On a somewhat related note.  Does a multiplatform offload scanner have to be virtual or can it be physical? 

georgec
Level 13
Report Inappropriate Content
Message 7 of 10

Re: Does Mcafee Offload scan server need to be on the same Hypervisor?

It can be physical also.

Re: Does Mcafee Offload scan server need to be on the same Hypervisor?

Hi,

Thanks for the reply.

What is the recommended design? To have the Offload scan servers on Physical server or on a Virtual machine running on Hyper-V?

Regards

Shubham

Re: Does Mcafee Offload scan server need to be on the same Hypervisor?

It doesn't matter. I've never done them with physical servers but you want to make sure that the scanner has plenty of resources available. I generally create them as 4CPU + 4GB RAM machines. The most important factor is to make sure not to cross routers. Each router adds latency and that's going to be the biggest peformance issue (other than "not enough resources on the scan servers")

Re: Does Mcafee Offload scan server need to be on the same Hypervisor?

This could probably be it's own thread, but what kind of resource usage do you normally see with your MOVE SVA's? and what kind of environment are you running? what is your VM density on your hostsy? We've got 5 blades in a cluster, with ~50 VM's per host (call center VM's, VMware View Linked Clones, 2cpu/2gb ram), with the default 2vCPU/2GB ram on the move SVA's. according to the  Performance tab in vSphere Client, the move SVA's average like 1.5% of CPU and maybe 150mb of active ram usage. there are occasional spikes up to maybe 50% cpu but i can't say ive EVER seen them use any significant resources for an extended period of time. but ive seen posts on here indicating people are maxing out the resources on the 2cpu/2ram config and i'm wondering if we've got some issue and dont know it. everytime we try an EICAR file it gets detected immediately so we believe everything is working fine. i do know we see MASSIVE traffic, both RX and TX to the SVA's, but even with 60mbps of RX traffic to a single SVA, we didnt see a significant resource spike. is there a correlation between network traffic and CPU usage? i would think so, but we aren't seeing it. we've got OAS for Agentless configured to do On Open and On Close scanning. EICARs get detected. etc. is there any way to see statistics that would tell us if there is something wrong? like a Files Scanned report showing how many scanned, average number of files scanned per minute/hour/etc? is there any way to tell WHY we are seeing so much traffic? 60mbps seems insane for task-based call center users running on Linked Clones.