0 Replies Latest reply on Nov 24, 2014 5:34 PM by s7orm

    Changing our MVM architecture.

    s7orm

      Our scope of using MVM 7.5 started small, but now its use and reliance in reporting is growing quickly. We currently have a single VM running all the MVM components except the database, which is hosted on an SQL Server (used by various other business systems). This was running at 100% CPU and RAM while scanning, but still completed in reasonable time. However since we integrated a McAfee Network Security Manager, the performance of our MVM scans has been terrible. We have about 4250 IP addresses according to our license usage, and there are plans to increase what we scan further, including an offsite location. From everything I'm reading in the best practices guide, we need to run up dedicated scan engines.

       

      This is what I was thinking, and would love people with more experience with large setups to provide any input.

       

      Primary VM:

      Web portal

      API Server

      Report Engine

      Notification Service

      Data Sync Service

      Configuration Agent

      Update Service

       

      Database Server:
      Database

       

      Onsite Scanner VM:

      Scan Controller


      Scan Engine

       

      Offsite Scanner VM:

      Scan Controller


      Scan Engine

       

      My Main question is regarding the Scan Controllers, should I run that offsite as well as onsite, or just onsite? Also how do I set which IP ranges/scans the Scan Engines are responsible for? The goal for the offsite scanner is to improve latency in scans and reduce bandwidth. Secondary to that, How is the rest of my design? McAfee recommends the Web Portal hosted on its own system, but we only have 1 or 2 security staff looking at it at most, so I figured it would be best to sit on the same server as the API.

       

      Thanks