Our scope of using MVM 7.5 started small, but now its use and reliance in reporting is growing quickly. We currently have a single VM running all the MVM components except the database, which is hosted on an SQL Server (used by various other business systems). This was running at 100% CPU and RAM while scanning, but still completed in reasonable time. However, since we integrated a McAfee Network Security Manager, the performance of our MVM scans has been terrible. We have about 4250 IP addresses according to our license usage, and there are plans to increase what we scan further, including an offsite location. From everything I'm reading in the best practices guide, we need to run up dedicated scan engines.
This is what I was thinking, and would love people with more experience with large setups to provide any input.
Data Sync Service
Onsite Scanner VM:
Offsite Scanner VM:
My main question is regarding the Scan Controllers: should I run that offsite as well as onsite, or just onsite? Also, how do I set which IP ranges/scans the Scan Engines are responsible for? The goal for the offsite scanner is to improve latency in scans and reduce bandwidth. Secondary to that, how is the rest of my design? McAfee recommends the Web Portal hosted on its own system, but we only have 1 or 2 security staff looking at it at most, so I figured it would be best to sit on the same server as the API.