CT-VL Capacity Planning Considerations
Capacity planning includes identifying the number of CT-VL appliances needed to meet your performance expectations. Base this planning on the peak load requirements of your own network. A minimum of 32 GB RAM is recommended, although the requirement may vary depending on the load and usage patterns. If CT-VL does not provide the desired performance, you can improve it by adding more RAM or by deploying additional CT-VL servers.
When planning capacity for CT-VL, keep the following in mind to ensure optimal performance and availability:
Memory Monitoring and Scaling: Monitor resource consumption and scale your CT-VL infrastructure appropriately. Set memory usage alarms at 80%. When a CT-VL appliance reaches this threshold, you can either add more RAM or deploy another CT-VL instance.
High Availability and Load Balancing: Create a cluster of CT-VL appliances with a load balancer to avoid overloading a single appliance. This configuration prevents service interruptions by distributing requests across multiple active nodes. If a CT-VL appliance becomes unresponsive, the load balancer will automatically redirect traffic to other active nodes. This lets you add RAM to the unresponsive CT-VL appliance and reboot it, ensuring no downtime.
Client-Side Retry Mechanisms: Ensure the CT-VL client application has retry logic. When one CT-VL instance becomes unresponsive, the client application can initiate a retry, and the load balancer will redirect the request to a less-loaded node.
TCP Timeout Configuration: Set the client's TCP timeout to a minimum of 60 seconds.
FPE Data Size Management: Be mindful of data size when utilizing Format Preserving Encryption (FPE). FPE operations on plaintext data are memory-intensive. For optimal performance and resource utilization, it's recommended to limit the size of data processed with FPE to 512 bytes or less. While larger data sizes are supported, they will result in increased memory consumption and potentially slower response times. Consider alternative encryption methods for larger data sets if performance is a primary concern.
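The three client-facing recommendations above (retry logic, a TCP timeout of at least 60 seconds, and FPE input of 512 bytes or less) can be enforced in one client-side wrapper. The following is an added example, not CT-VL product code: the send callable, the function names, the backoff values and the UTF-8 byte count are assumptions, and the flaky transport and sample value are constructed for the demonstration.

```python
import time

MIN_TCP_TIMEOUT_S = 60   # from the page: client TCP timeout of at least 60 seconds
FPE_MAX_BYTES = 512      # from the page: recommended upper bound for FPE input

class OversizeFPEInput(ValueError):
    """Input is above the recommended FPE size; route it to another method."""

def fpe_size_ok(plaintext):
    # Assumption: size is measured as UTF-8 encoded bytes, not characters.
    size = len(plaintext.encode("utf-8"))
    if size > FPE_MAX_BYTES:
        raise OversizeFPEInput(f"{size} bytes exceeds {FPE_MAX_BYTES}")
    return size

def call_with_retry(send, payload, timeout_s=MIN_TCP_TIMEOUT_S, attempts=3,
                    base_delay_s=0.5, sleep=time.sleep):
    """Retry transport failures only, so the load balancer can pick another node."""
    if timeout_s < MIN_TCP_TIMEOUT_S or attempts < 1:
        raise ValueError("timeout must be >= 60 s and attempts >= 1")
    for attempt in range(1, attempts + 1):
        try:
            return send(payload, timeout_s)
        except (TimeoutError, ConnectionError):
            if attempt == attempts:
                raise                                  # out of attempts: surface it
            sleep(base_delay_s * 2 ** (attempt - 1))   # exponential backoff

def protect_with_fpe(send, plaintext, **retry_options):
    fpe_size_ok(plaintext)   # reject oversize input before any request is sent
    return call_with_retry(send, plaintext, **retry_options)

def make_flaky_send(failures):
    """Constructed stand-in: the first `failures` calls hit an unresponsive node."""
    calls = {"n": 0}
    def send(payload, timeout_s):
        calls["n"] += 1
        if calls["n"] <= failures:
            raise TimeoutError("node unresponsive")
        return {"attempt": calls["n"], "timeout_s": timeout_s}
    return send

if __name__ == "__main__":
    waits = []   # record backoff delays instead of sleeping
    sample = "4111111111111111"   # constructed sample value
    print(protect_with_fpe(make_flaky_send(1), sample, sleep=waits.append), waits)
```

Errors other than timeouts and connection failures are deliberately not retried, so a rejected request fails immediately instead of adding load to the cluster.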