The following management scalability features are supported on Security Director:
By default, monitor polling is set to 15 minutes and resource usage polling is set to 10 minutes. This polling time changes to 30 minutes for a large-scale data center setup such as one for 200 SRX Series devices managed in Security Director.
Note: You can manually configure the monitor polling on the Administration > Monitor Settings page.
Security Director supports up to 15,000 SRX Series devices with a six-node Junos Space fabric. In a setup with 15,000 SRX Series devices, all settings for monitor polling must be set to 60 minutes. If monitoring is not required, disable it to improve your publish or update job performance.
To enhance the performance further, increase the update subjobs thread number in the database. To increase the update subjobs thread in the database, run the following command:
#mysql -pnetscreen mysql> update RuntimePreferencesEntity SET value=20 where name='UPDATE_MAX_SUBJOBS_PER_NODE'; mysql> exit
Table 2 shows the supported firewall rules per policy processed concurrently.
Table 2: Supported Firewall Rules per Policy
Number of Device Rules Processed Concurrently | JBoss Node Count | Memory | Platform OpenNMS Function | Log Collector | Hard Disk |
|---|---|---|---|---|---|
5,000–7,000 | 1 | 32 GB of RAM | Enabled | Dedicated node | Any |
15,000 | 1 | 32 GB of RAM | Off or dedicated node | Dedicated node | Any |
40,000 | 2 | 32 GB of RAM per node | Off or dedicated node | Dedicated node | Any |
100,000 | 2 | 32 GB of RAM per node | Off or dedicated node | Dedicated node | SSD required |
Note: If you use the database dedicated setup (SSD hard disk VMs) for the deployment mentioned in the table above, the performance of publish and update is better compared with the normal two-node Junos Space fabric setup.