Summary

A slow registration process may be related to a very large number of records in the underlying SQL database and the time it takes to generate the corresponding filtering rules.
CryptoSpike allows filtering to be implemented on different levels, and it is important to understand the impact of each filtering method.
The number of records/rules that CryptoSpike needs to keep increases significantly when we define filters that do not rely on the natural inheritance of the objects: Cluster(s)---SVM(s)---Volume(s) and Share(s).


Step-by-Step

Below is a list of some of the available filtering methods, with examples of the number of SQL records each one generates in one table: PL_POLICIES_LIST_CONTENT. (The corresponding PL_RULES_DETAILS table will also grow proportionately.)

  • A – Define filters on SVM level using inheritance.

1) Define “Blocklist” on SVM level using “Select File-Patterns which should be blocked within this policy” and click “Save” without clicking on Children CIFS or NFS.
2) Ensure that every volume and share for this SVM has the option “Inherited from parent” – it should already be the default choice. (Also, see Note below)

Example: assuming we have 20 SVMs and about 4,700 filters
20 * 4,700 -> we will have about 94,000 records in SQL table: PL_POLICIES_LIST_CONTENT

  • B – Define filters on Cluster level using Inheritance.

1) We can use this method only if we have the same filters for each SVM. (If each SVM has different filters, we must use different filters on SVM level.)
2) Define “Blocklist” on SVM level using “Select File-Patterns which should be blocked within this policy” and click “Save” without clicking on Children SVMs or CIFS or NFS.
3) Ensure that every SVM, volume and share for this SVM has the option “Inherited from parent” – it should already be the default choice. (Also, see Note below)

Example: assuming we have 2 clusters and about 4,700 filters
2 * 4,700 -> we will have 9,400 records in SQL table: PL_POLICIES_LIST_CONTENT

  • C – Define Path exclusion for all needed filters for each SVM (smallest number of records)

1) Define “Blocklist” on SVM level using “Select all file-patterns” and click “Save” without clicking on Children CIFS and NFS.
2) Ensure that every volume and share for this SVM has the option “Inherited from parent” – it should already be the default choice. (Also, see Note below)
3) Go to Filters->Blocklist and, for a chosen filter (say “*.bit”), define “Allowed Path” to be \\SVMname111\*

Filtering methods that do not use the inheritance option should be avoided, as they generate a very large number of records. In an environment with many SVMs, volumes and shares, this can decrease SQL performance dramatically.

  • D – Define filters on SVM level NOT using inheritance.

1) Define “Blocklist” on SVM level using “Select File-Patterns which should be blocked within this policy” and click “Save”
2) Now we can propagate selections to each Child Volume (say all 3 choices: “CIFS”, “CIFS audit”, “NFS”) and Child Share (“CIFS”).

Example: assuming we have 20 SVMs and about 4,700 filters, 200 Volumes and 600 shares.
(20 + 3*200 + 600) * 4,700 -> we will have about 5.7MM records in SQL table: PL_POLICIES_LIST_CONTENT.

Defining filters on Cluster level NOT using inheritance will produce an even greater number of records. If we have 2 clusters in the example above, we will have well over 10MM records.
 

Additional Information

It is important to plan the creation of the filtering rules and to use the inheritance mechanism whenever possible, to avoid a large number of entries in the corresponding tables.
It is recommended to have less than 1MM entries in the tables that impact the creation of the filtering rules.
The following steps can be used to validate the counts in these tables.
 

SSH to the CS Server:

  • sudo mysql
  • show databases;
    • cryptospikecli will be one of the databases in the list
  • use cryptospikecli;
  • select count(*) from  PL_POLICIES;
  • select count(*) from  PL_POLICIES_LIST_CONTENT;
  • select count(*) from  PL_SHARES;
  • select count(*) from  PL_VOLUMES;
  • select count(*) from  PL_RULES_DETAILS;
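
The five counts above can be collected in one pass and compared with the 1MM recommendation. The shell functions below are an added example, not part of the original article or of CryptoSpike; they assume the cryptospikecli database and the table names listed above, and the function names and sample counts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code). Database and table names are the ones
# listed in the article; LIMIT is the article's "less than 1MM" recommendation.
DB=cryptospikecli
TABLES="PL_POLICIES PL_POLICIES_LIST_CONTENT PL_SHARES PL_VOLUMES PL_RULES_DETAILS"
LIMIT=1000000

# Build one UNION ALL statement that returns "<table> <count>" per table.
build_query() {
    q=""
    for t in $TABLES; do
        [ -n "$q" ] && q="$q UNION ALL "
        q="${q}SELECT '$t', COUNT(*) FROM $t"
    done
    printf '%s;\n' "$q"
}

# Read "<table> <count>" lines on stdin and print a status per table.
# Exit status: 0 = all below LIMIT, 1 = at least one table at or above LIMIT,
# 2 = no usable rows (for example, the mysql call failed).
evaluate_counts() {
    awk -v limit="$LIMIT" '
        NF == 2 && $2 ~ /^[0-9]+$/ {
            seen = 1
            status = ($2 + 0 >= limit) ? "OVER" : "ok"
            printf "%-26s %10d  %s\n", $1, $2, status
            if (status == "OVER") over = 1
        }
        END { if (!seen) exit 2; exit over ? 1 : 0 }'
}

# On the CS server: source this file, then run check_live.
# -N drops the column header, -B gives tab-separated batch output.
check_live() {
    build_query | sudo mysql -N -B "$DB" | evaluate_counts
}

# Constructed sample input (not real output). The PL_POLICIES_LIST_CONTENT
# value is the method D example: (20 + 3*200 + 600) * 4,700.
sample_counts() {
    printf 'PL_POLICIES\t1220\n'
    printf 'PL_POLICIES_LIST_CONTENT\t5734000\n'
    printf 'PL_SHARES\t600\n'
    printf 'PL_VOLUMES\t200\n'
    printf 'PL_RULES_DETAILS\t5734000\n'
}
```

Running `sample_counts | evaluate_counts` shows the report format without touching the database.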

Note:

To ensure that every volume and share for SVM has option “Inherited from parent”, we can:

  1. On SVM level select “Inherit from parent” option
  2. Click on every Child button (for Volumes: CIFS, CIFS audit, NFS; for Shares: CIFS). This will set up inheritance from the SVM parent to the child Volumes and Shares.
  3. Now “Save” – this will propagate “Inherit from parent” option to children Volumes and Shares.
  4. Now, on the same screen select “Blocklist” (instead of “Inherited from parent”)
  5. We can now select blocking with the needed filter for the SVM, “Select File-Patterns which should be blocked within this policy:”, and save it, BUT WITHOUT CLICKING AGAIN ON THE CHILDREN BUTTONS