Navigation
Back up to About Overview
[+] Expand All
[-] Collapse All
Download This Guide
Management Scalability
The supported management scalability is:
- The VM setup must have 32 GB of RAM and must stop running OpenNMS (in a single or a two-node fabric). Security Director supports 15K firewall rules per policy. In concurrent cases, a maximum of 40K firewall rules per policy can be processed at a time with different publish, preview, and update jobs (in a two-node VM or a JA2500 fabric setup).
- By default, the monitor polling is set to 15 minutes and
resource usage polling is set to 10 minutes. This polling time changes
to 30 minutes for a large-scale data center setup such as one for
200 high-end SRX Series devices managed in Security Director.
Note: You can manually configure the monitor polling on the Administration > Monitor Settings page.
- Security Director supports a maximum of 10K SRX Series devices in a six-node Junos Space fabric (four JBoss servers and two database nodes). In a 10K SRX Series setup, all settings for monitoring polling must be set to 60 minutes. If monitoring is not required, disable it to improve your publish or update job performance.
- To improve the performance further, increase the Update
sub-jobs thread number in the database. To increase the Update sub-jobs
thread in the database, run the following command:
#mysql -pnetscreen mysql> update RuntimePreferencesEntity SET value=20 where name='UPDATE_MAX_SUBJOBS_PER_NODE'; mysql> exit
- Security Director supports 100K firewall rules concurrently
with delta publish and update.
The following system configuration is required for delta publish and update support:
- Two-node Junos Space fabric VM. The VM must have an SSD hard disk with 32 GB of RAM.
- The OpenNMS must be stopped in the setup. You must restart the JBoss application after stopping OpenNMS.
Note: If you use the database dedicated setup (SSD hard disk VMs) for this deployment, the performance of publish and update is better compared with the normal two-node Junos Space fabric setup.
