Removing SVM from pool of available scanning servers
I'd like to know the 'best practice' for removing a SVM offload scanner from the pool of SVM/scanning servers?
We have a total of 6 SVMs and our SVM manager. We'd like to remove three of them temporarily so that they can be scanned offline for vulnerabilities, and then re-joined to the pool.
We have more than enough SVMs to handle our present load but want to do this because we anticipate an influx of new VMs in our environment. We want to do this scanning before end of the month (November) for the anticipated increase in VMs in January.
I have tested this by removing the MOVE OSS components and that seems to redistribute the load to the other SVMs (I've done this with one SVM) but I wanted to know if that is the best practice?
As long as you are sure that removing 3 SVM's wont cause a load issue you can do that. There is no best practice guide as such for this because it depends on environment.
However we need to make sure that we do not get into any circumstances where removing 3 SVMs creates load issue. So best will be since you have 6 SVM's, get 3 new new servers and add it into SVA-Manager. Remove the old 3 SVM and perform offline scanning. Put back those those SVM's in sva-manager. Then you can remove the newly created SVM's from the pool. In this way we know load sharing will not be an issue.