Cisco Support Community
New Member

Is it possible to tune VMS performance better?

Hi all,

We have tested VMS2.1 (with latest patches/IDS MC v1.1.1), and its performance was not entirely satisfactory while changing a bit of configuration (e.g. signature setting for one sensor) or generating the 5 ~ 10 days offline report. We observed some related processes, such as CWJAVA and DBSRV7, hogging the CPU at 100% load for over 7 ~ 15 minutes (maybe longer than that). Eventually, the change takes effect... but it spends much time waiting indeed. And I think that should not be acceptable in a critical operational environment... any idea? I'd appreciate it if there is any workaround or adjustment to the VMS settings. Thanks a lot.

Regards, Dennis.

6 REPLIES
New Member

Re: Is it possible to tune VMS performance better?

We are continuing to look at performance on the IDS MC, Security Monitor and the IDS sensors themselves.

I'm not sure I understand your question. What are you asking?

BTW, the latest release is IDS MC and Security Monitor 1.2. It is available if you are current on maintenance.

New Member

Re: Is it possible to tune VMS performance better?

Thanks for your information.

Just sharing our finding. Every scheduled job processed in VMS takes around 15 to 20 mins in total. We checked that the VMS server seemed not quite busy, but both 4235 sensors always reached the memory 93% usage peak. Do you think the busy sensors caused this problem? That's why VMS hasn't received any response from sensors about such job update.

Cisco Employee

Re: Is it possible to tune VMS performance better?

Dennis,

Is this sensor on 4.x sig? If so, can you maybe clear the sniffing interface or disconnect the sniffing int and then try to send in the config deployment? This is just for testing. Please let me know your results. It might be the case that the sensor is very busy sniffing the network.

Thanks,

yaitn

New Member

Re: Is it possible to tune VMS performance better?

Hi Yaitn,

All sensors are running on 4.1 with latest sig. I have tried your suggestion but haven't seen a big improvement so far. Indeed, the process time (e.g. config deployment) has now decreased to an average of 10 ~ 15 mins. Do you think this is normal behavior for VMS managing just 3 sensors? Here are the details of the sensors:

The first 4235 sensor - SPAN trunk traffic with FE port, average 85% memory usage

The second 4235 sensor - Same as above, average 75% memory usage

The third 4230 sensor - SPAN one vlan traffic with FE port, average 75% memory usage

VMS hardware config: P4, 768MB Ram, 20G HDD, FE interface.

To be honest, it spent much time for little change. Can you give some advice on how to troubleshoot the problem? Or which part of the configuration can be further improved?

Appreciate if you'll have any feedback.

Regards,

Dennis.

New Member

Re: Is it possible to tune VMS performance better?

Hello,

We've experienced much the same problems that you have. Our VMS 2.1 system was a P3-1.13GHZ, 2GB RAM, UW/SCSI3 disk. When upgrading to 2.2 (SecMon + MC 1.2), we added a second processor, but that hasn't seemed to help. Also, we deployed another system running Dual P4-2.8GHz, 3GB RAM, and a RAID5 of 360MB/s disks, and that definitely improved report generation.

However, that doesn't change page load speeds. We have watched both our local system and the remote system when doing page loads (just clicking from one configuration pane to another in IDS MC, for example) and see no high CPU/Memory usage or anything of the sort. Given that this is all Apache/Tomcat powered, I'm assuming that the generation of the servlets is being the bottleneck.

We even hooked into the Sybase database to check out how long it was taking queries to run, but that didn't seem to be a problem, despite the fact that the Sybase server is ASA, which is the equivalent of Microsoft Data Engine.

One thing we have noticed is that we can't cache small graphics, like buttons at the top of the screen. They get pulled every time no matter what, which makes me think the Apache server is sending a no-cache header, but I haven't checked to make sure.

If you Cisco folks could give us some pointers to speed up the general usability of this system, that would be so great. We were not fans of CSPM 2.3.3i, and definitely not of VMS 2.1, but 2.2 seems to be positively solid. If only I could make changes without having to get up and get a cup of coffee!

New Member

Re: Is it possible to tune VMS performance better?

Make sure you have "Save Encrypted Pages to Disk" UNCHECKED in your IE advanced settings window. I just discovered this tonight, and man o man does it speed up VMS. Pageloads that used to take 20 seconds or more are near-instantaneous now. Cisco guys, do you have this documented?

Cheers,

Ben
