Has anyone attempted to virtualize Windows based AV servers for NetApp? All of my experience from speaking with other customers, McAfee, NetApp, etc stated it is better to consolidate (many filers to one AV server) than virtualize due to complexity and I/O latency (specifically network) required for serving the filer estate.
If you have, how many filers/AV servers did you manage to virtualize? Was there any noted performance issues? Did you use a private VLAN/Network from filer to AV server to communicate? Any other advice about such a setup or configuration would be greatly appreciated.
We use McAfee as the AV solution to our Filers. Couple of months back I had a discussion with the McAfee Engineering team regarding using VMWare solution to consolidate of AV servers. The below are the questions I asked them, followed by their response:
1. Can we use VMWare as AV server?
It is not recommended that you use VMWare as AV Server -
The scanner-servers should have complete, fast access to the filer, for example, a dedicated 100 megabit or gigabit connection between the file and the scanner-server.
A Vmware installation is not a dedicated connection since it has to go through the host.
2. If yes, then are there any best practices for that?
There is no best practices for this since it is not recommended. You can try it but a dedicated server is recommended.
3. Are there any McAfee Documents which we can refer on "How to implement VSE for storage (or VSE 8.7) on VMware environment?"
Virus Scan for Storage is an add-on to VSE8.7i - the use of VSE8.7i is supported on VMWare - it is the add-on which is not recommended.
4. Also if we use VMware, should the physical server be having a specific Hardware configuration like- Quad Core CPU, 8GB or more of RAM, Extra NIC cards etc..
I have actually answered you question about quad core before. I have told you that it will work on this as it is up to the OS on how it handles the information. As for CPU - same as for Virus Scan 8.7 - it will not take much but RAM is required:
You will need about1mb RAM for each scan thread.
Therefore if you set the maximum scan threads to 400, expect ~400mb RAM usage at peak levels.
However, and this is IMPORTANT: when a detection occurs, the scanning thread's memory usage will grow up to about 10mb RAM (as it loads the items necessary to clean the threat). Thus, if all 400 threads were to detect threats concurrently, even 4gb RAM would be insufficient and performance would be slowed as the pagefile is utilized.
Hope this help, Jon !!
Also in our environment we use an AV POD design wherein you have multiple AV servers providing the scanning services for Multiple filers. Before you implemen this AV PODit will be better if you some homework i.e. the load on the AV servers coming from the filers. There are couple of TR's on now.. please refer to them to do the proper sizing... do let me know if you are not able to find any.