TrendMicro DSAFilter_HEAP_MAX_Size


DSAFILTER_HEAP_MAX_SIZE

There are more issues occuring with TrendMicro DeepSecurity, issues not related to the vShield driver. I want to mention one of them here, the other one comes later after I verified it really still is an issue.

Unreachable servers

We experienced random unreachable servers, one minute you would connect to a server the next minute it seemed to have dissapeared.

It freaked us out in the beginning pointing fingers to each other thinking someone f..ed up their work. We noticed that it had something to do with firewalling and therefore TrendMicro.

DSAFILTER_HEAP_MAX_SIZE

After a lot of investigations by the VMware guys they found out that the DSAFILTER_HEAP_MAX_SIZE  was set to default and therefore only 25 virtual machine were managed.

We were building a large new production environment and more than 25 virtual machines were active on the hosts. This resulted in some machine not repsonding to our requests while others worked fine.

Somehow they could reset this allowing all machines to be accesible, but soon after accesibility would drop random. we had to stop building and figure out how to fix this.

You would expect that TrendMicro DeepSecurity dynamically would determine the number of virtual machines on the host and change the heapsize according to that number. It doesn’t, you have to cacculate a number yourself and change it on forehand.

The product should dynamically change the value, it doesn’t do anything dynamically, except block virtual machine, so we had to do it manually.

Calculating numbers

If you want to know why calculating the heapsize is not a fix, look at the difference between the numbers ofVMware and TrendMicro in the following blog:

http://blocksandbytes.com/2012/03/09/deep-security-8-and-dsafilter_heap_max_size/

A small quote from the site: (VMware value)

  • The article that states that the DSAFILTER_HEAP_MAX_SIZE should be roughly 1MB per each VM planned. This results in most customers setting a value for the HEAP_MAX_SIZE of around 40 – 50MB. This is a 1/10th of what it should be according to Trend Engineering for DS 8 (512MB)!

(I would love to say who wrote this blog but I can’t find his name anywhere.. so if it’s your blog please let me know and I give you credits.)

If you follow VMware you end up with (following the blog now) 50MB where as TrendMicro advices (if you do it manually) to go for 512MB.

There’s a lot of air between those numbers.

Actually, I don’t want to know those numbers, I want the product to be figuring this out. I don’t want to change a number each time our environment grows and if I set the number high what is the impact?

 

What is next?

For now we have set the DSAFILTER_HEAP_MAX_SIZE to 512 to make sure we don’t run into issues when we deploy new virtual machines.

A feature request is sent to Trend Micro asking them to look closely to the product and make sure it will determine the number of virtual machine dynamically and raise or lower the DSAFILTER_HEAP_MAX_SIZE.

Is is gonna happen anytime soon? I don’t know, really don’t know…

Hopefully a lot of the VMworld visitors and the Trend Micro guys will read this blog and talk about it.

If it’s fixed I’ll tweet about it…


Leave a Reply

https://tracking.cirrusinsight.com/869c29e2-3a9b-48c5-9232-0b95e7993ae8/controlup-com-pixel-php