server spec

Hi,

Are you able to use a dedicated SQL server for the database role?  I would advise this if it's at all possible.  Disk I/O on the DB seems to be very important for this solution and even more so with 10 concurrent consoles open.

If you have 10,000 machines making direct connections to the management server, I.E. no message relays, what OS do you intend on using?  Windows 2008 doesn't seem to scale as well as 2003, 2003 R2 or 2008 R2.  The message router doesn't seem to behave as well on 2008.  So I would avoid Windows 2008 where possible.  If you use 2003, you will need to increase the number of connections the server can support as per:
http://www.sophos.com/support/knowledgebase/article/14243.html.

It is also worth considering the location of the distribution points for the clients, if you have to host all the roles on a single server, I would suggest writing the distribution locations to a remote file server/filer or installing a second SUM which can create them on the file server locally.  This might be better, as it would take away the need for the SUM on the management server to write all the distribution points as the routernt.exe process and the mgntsvc.exe process will already be pretty busy. So will SQL if you have to install it locally.  Placing the distribution points on a remote file server/filer will also take away the load of all the clients updating which is also important.

As a guide I would suspect that for 10,000 direct connections the message router (routernt.exe) on the server will consume around 400MB, the management service (mgntsvc.exe) will consume 130-150MB, SAV itself another 110MB.  So I would advise distributing the roles as much as you can. 4GB of memory would be the minimum I would suggest for the management server if SQL was on another machine.  If SQL is on the same machine, I would suggest 6GB as SQL can be quite memory hungry and the database will probably grow to about 500MB for that many clients over time but this depends on maintenance, purging and the components you choose to enable.

If you have to put SQL on the same machine, I would suggest you have a separate physical drive for the database files, ideally putting the logs (ldf) and the data files (mdf) on dedicated drives, just to help reduce the seek times and increase the I/O.

When you role out the clients, I would suggest to do it in stages and monitor the load on the management server and SQL server at every 2000 machines added as an example.  Checking for lengthy durations of stored procedures using SQL Profiler, disk queue lengths of the SQL data and logs drives in Performance monitor and the responsiveness of Enterprise console.

As a final note, ensure you apply necessary SAV exclusions for SQL. See:

http://support.microsoft.com/kb/309422/

So exclude SOPHOS4.mdf, and other database files.

I hope this helps in some way.

Thanks

Jak

Hi,

Are you able to use a dedicated SQL server for the database role?  I would advise this if it's at all possible.  Disk I/O on the DB seems to be very important for this solution and even more so with 10 concurrent consoles open.

If you have 10,000 machines making direct connections to the management server, I.E. no message relays, what OS do you intend on using?  Windows 2008 doesn't seem to scale as well as 2003, 2003 R2 or 2008 R2.  The message router doesn't seem to behave as well on 2008.  So I would avoid Windows 2008 where possible.  If you use 2003, you will need to increase the number of connections the server can support as per:
http://www.sophos.com/support/knowledgebase/article/14243.html.

It is also worth considering the location of the distribution points for the clients, if you have to host all the roles on a single server, I would suggest writing the distribution locations to a remote file server/filer or installing a second SUM which can create them on the file server locally.  This might be better, as it would take away the need for the SUM on the management server to write all the distribution points as the routernt.exe process and the mgntsvc.exe process will already be pretty busy. So will SQL if you have to install it locally.  Placing the distribution points on a remote file server/filer will also take away the load of all the clients updating which is also important.

As a guide I would suspect that for 10,000 direct connections the message router (routernt.exe) on the server will consume around 400MB, the management service (mgntsvc.exe) will consume 130-150MB, SAV itself another 110MB.  So I would advise distributing the roles as much as you can. 4GB of memory would be the minimum I would suggest for the management server if SQL was on another machine.  If SQL is on the same machine, I would suggest 6GB as SQL can be quite memory hungry and the database will probably grow to about 500MB for that many clients over time but this depends on maintenance, purging and the components you choose to enable.

If you have to put SQL on the same machine, I would suggest you have a separate physical drive for the database files, ideally putting the logs (ldf) and the data files (mdf) on dedicated drives, just to help reduce the seek times and increase the I/O.

When you role out the clients, I would suggest to do it in stages and monitor the load on the management server and SQL server at every 2000 machines added as an example.  Checking for lengthy durations of stored procedures using SQL Profiler, disk queue lengths of the SQL data and logs drives in Performance monitor and the responsiveness of Enterprise console.

As a final note, ensure you apply necessary SAV exclusions for SQL. See:

http://support.microsoft.com/kb/309422/

So exclude SOPHOS4.mdf, and other database files.

I hope this helps in some way.

Thanks

Jak