IIS Performance Issues

I was able to increase performance by cleaning up the events database and also starting a migration of clients over to SSL communication instead of allowing communication over port 80.

Hi stone3825, thanks for the suggestions.

We regularly run a clean-up of the events database as we have experienced issues because of this before. Sophos support have also recommended moving to SSL as this can be up to 40% more efficient so this will be looked at more very soon.

However, the CPU usage on the servers can hit 100% even when there is only a handful (~10) of clients connected; I therefore suspect that there is something more fundamentally wrong.

Any further suggestion gratefully received.

Hi JPSealey,

as you've already mentioned, a major IIS performance improvement can be achieved when switching to SSL encryption. Setting up SSL between Client and Server is described in the SafeGuard Enterprise Installation Best Practice Guide (sgn_60_bpg_eng_installation_best_practice.pdf) - Chapter 5. "Configuring the SGNSRV web page to accept a certificate and assigning the certificate".

Nevertheless, 10 clients should not bring a SGNServer to 100% CPU load. From my personal experience, I'd recommend to check the following things first:

- SafeGuard Enterprise Client-Server Connection interval: Check the currently configured interval in the SafeGuard Enterprise policy and increase the interval time if required (4h is recommendable in most of the cases - you have to consider that clients also connect the server after startup)

- Try to avoid "Administrative POA Groups" where a big amount of users is assigned to every SafeGuard Client to give administrative staff POA access. Use the "POA Groups" feature instead.

In case above should not help out, I'd recommend to open up a support request and have support check the situation.

One more thing as you're running an older release of SafeGuard Enterprise; are all SafeGuard services on the server machine in the "running" state or is any one those stopped or "starting"/"stopping"? How many files are located in the following folders

- C:\ProgramData\Utimaco\SafeGuard Enterprise\LocalCache\auditing

- C:\ProgramData\Utimaco\SafeGuard Enterprise\LocalCache\transout

Regards,

Chris

To add to this, make sure you set your IIS worker processes correctly, it will thread the connections among multiple cores that way and not max out.

Hello Joel, could you please detail this worker processes part ?

I have read article 111494 but can't find where to check this.

(I try to solve a  performance issue with WHD + SGN server, many connections dropped.)

Thank you,

Bruno.

Hi BMR,

Make sure that the recycling options for the SGNWHD-Pool are set to a default values and "Maximum Worker Processes" is set to "1".

You can find the settings "recycling" and "Maximum Worker Processes" if you open the Internet Information Services ((IIS) Manager and open the "Applicaiton Pools" section. Choose the SGNWHD-Pool and select "Advanced Setting" from the action pane on the right.

Cheers,

Chris

We're having very similiar problems.

IIS application pool (SGNSRV-Pool) is running ~40-60% throughout the day (10,000 clients)

We have left IIS settings as defaults (1 worker process / recycling times etc..) and we're using SSL certs for client <-> server communication. Our events database table is archived daily and is currently ~100,000 records.

Management Servers (x4)

2 SGN servers take the load, 2 for DR/failover.

SafeGuard Enterprise 7.00.0.97 Server

SafeGuard 7.00.0.97 Management Server

SafeGuard Enterprise 7.00.0.97 Web Helpdesk

Windows Server 2008 Standard R2 SP1

4GB, 2 x vCPU

SQL Server

SQL Server 2012 SP2 (11.00.5058.0)

Windows Server 2008 R2 Standard SP1

32GB, 8 x CPU

Anyone have any other resolutions or have been successful through support? We're currently running traces at both the IIS and SQL levels.

Some others might find the following useful. 

Article ID: 120420

Title: SafeGuard Enterprise backend (Server, Management Center and Database) performance improvement recommendations
URL: https://sophos.com/kb/120420 

Hi Mark,

I'd suggest to increase the Worker Process count for the SGNSRV Application Pool to "2" and verify if this yields better performance results on the IIS Server.

Side note: As above, please do not change the number of Worker Processes for the SGNWHD Application Pool, as this will result in dropped connections for your Web Helpdesk Users

Regards,

ChrisD

Thanks Chris! This has dramatically reduced our load. We just needed confirmation as it wasn't clear if you could do this or not. We've taken note and left the WHD site/app pool as defaults. Whats the rule of thumb regarding worker processes? 1 per CPU?

CPU did increase for a while and then trickled off to ~10% now, our client <-> server response times are quicker and our engineers have noted the synchronisation speeds are much better (policies being pulled down and keys being created etc)

Currently watching over but so far so good.

Hey Mark, 

sounds good! Regarding the worker process configuration, please see excerpt from the KBA 120420 - you've referenced before :) - 

Article ID: 120420

Title: SafeGuard Enterprise backend (Server, Management Center and Database) performance improvement recommendations
URL: https://sophos.com/kb/120420 

"Optimize Internet Information Services SGNSRV-Pool maximum worker processes count (~1 worker process per CPU core)"

Cheers,

ChrisD