2.7
Table Of Contents
- ACE Management Server Administrator’s Manual
- Contents
- About This Book
- Introduction
- Planning an ACE Management Server Deployment
- Installing and Configuring ACE Management Server
- Configuration Options for ACE Management Server
- Prerequisites for Configuring the Server
- Starting ACE Management Server Configuration
- Viewing and Changing Licensing Information
- Using an External Database
- Creating Access Control
- Uploading Custom SSL Certificates
- Logging Events
- Applying Configuration Settings
- Load-Balancing Multiple ACE Management Server Instances
- Typical Setup Using Load-Balanced ACE Management Server Instances
- Install the Required Services for Load Balancing
- Use the Same SSL Certificate on All Servers
- Create New SSL Certificates and Keys for Each Server
- Installing and Configuring the Load Balancer
- Verify That ACE Instances Are Using the Load Balancer
- Managing ACE Instances
- Viewing ACE Instances That the Server Manages
- Search for an Instance
- Sort by Column Heading and Change Column Width
- Show, Hide, and Move Columns in the Instance View
- Create or Delete Custom Columns in the Instance View
- View Instance Details
- Reactivate, Deactivate, or Delete an ACE Instance
- Change a Copy Protection ID
- Reset the Authentication Password
- Add Information for Custom Columns
- Troubleshooting and Maintenance
- Appendix: Database Schema and Audit Event Log Data
- Glossary
- Index
VMware, Inc. 15
Chapter 2 Planning an ACE Management Server Deployment
Network Bandwidth and Policy Update Frequency
TheamountofnetworkbandwidththatACEManagementServ erandACEinstancesrequiredependsonthe
frequencyofpolicyupdatesthatyouconfigure.Table 2‐3showstheamountofbandwidthneededwhenyou
useapolicyupdatefrequencyvalueof10 minutes.
VMwarerecommendsthatforlargedeployments(morethan5,000clients),
youincreasethetimebetween
policyupdatesbyclientsbecausethisreducestheamountofrequiredbandwidth.
Table 2‐4showsthebandwidthneededwhenthepolicyupdatefrequencyvalueissetto30minutes.
Theamountofnetworkbandwidthrequiredcanalsobehigherifyourpolicysetisverycomplex.
VMware
recommendsthatyouhaveaseparatenetworklinkbetweenACEManagementServerandyour
databaseserver,sothattrafficcomingandgoingfromACEManagementServertoitsclientsdoesnotinterfere
withthetraffictoandfromyourdatabaseserver.
ACE Policy Configuration
TheconfigurationofACEpoliciescanaffectperformance.Youcanincreasetheamountofdatathatis
transferredbetweenACEManagementServerandACEPlayerbyusingoneofthefollowingmethods:
Hostpolicies–Enablinghostpolicies(suchashostnetworkquarantine)requiresthatahost‐sidedaemon
retrievesthehostpoliciesfromtheACEManagementServer.
Complexnetworkquarantinepolicies–Ifthesetofrulesthatmakesupyournetworkquarantineisvery
large,thetransferoftheserulesfromtheACEManagementServertotheclientscanaffectthescalability.
ThenumbersshowninTable 2‐3andTable 2‐4areestimatesofrequiredbandwidthgiven
average‐size
rulesetsfornetworkquarantine.YoucanviewthesizeofyourpolicysetbyexaminingtheACEfile
directoryandcountingthesizeofthe.vmplfile.Anaveragepolicysetis15KBorless.
Load Balancers
TheACEManagementServerclient‐serverprotocolisbuiltontopoftheHTTPSprotocol.YoucanuseHTTP
load‐balancingsoftwareandhardwaresolutionstoscaleanACEManagementServerdeploymentbeyondthe
capacityofasingleserver(orforhigh‐availabilitydeployments).
ACEManagementServerscalesinalinear
fashionwhenanenterprise‐gradeHTTPSloadbalancerisused.See
Chapter 5,“Load‐BalancingMultipleACEManagementServerInstances,”onpage 37.
Table 2-3. Network Bandwidth Required with a Policy Update Frequency of 10 Minutes
Number of Clients Bandwidth Required
100 0.125Mb/sec.
1,000 1.25Mb/sec.
10,000 12.5Mb/sec.
Table 2-4. Network Bandwidth Required with a Policy Update Frequency of 30 Minutes
Number of Clients Bandwidth Required
100 0.04Mb/sec.
1,000 0.4Mb/sec.
10,000 4Mb/sec.