How to Set QoS
To set QoS for a host to enforce a threshold on CTE-LDT based on CPU percentage:
-
Log into the CipherTrust Manager Console as an administrator.
-
Open the CTE application.
-
In the left-hand menu, select click Profiles.
-
If you want to add a new profile, click Create Profile and specify a profile name and description.
-
Click the profile name in the Profiles table.
-
Click the Quality of Service Configuration section heading to open the QoS options and select one of the following radio buttons:
-
Rekey by Rate — Specifies that you want to set a Rekey I/O Rate threshold. Enter a value between 0 and 100 in the associated LDT QoS Rekey Rate field. If you specify 0, CTE does not throttle the CTE-LDT rekey or scanning processes.
-
Rekey by CPU— Specifies that you want to set a CPU Rate threshold. Enter a value between 0 and 99 in the associated CPU Percentage field.
If you select this option, CTE-LDT applies a tolerance of +/- 2% on CPU threshold settings up to 7%. For threshold over 7%, CTE-LDT applies a tolerance of +/- 4%.
If CPU% is set to 0, QoS stops monitoring CPU usage and CTE-LDT operations run at maximum rekey rate within the available system resources. Setting CPU percentage to 0 does not affect CTE-LDT schedules, so CTE-LDT operations are suspended and resumed per QoS schedule.
If you do not enter CPU threshold percentage, CTE-LDT applies CPU threshold of 5% capped by default.
If CPU% is set to a very high value, such as 25%, the rekey process competes with other applications to use as many CPU cycles as it can. As a best practice, start with a setting of 10%, and increase or decrease it slowly by 5% until it reaches a reasonable level that does not adversely affect the performance of user applications. The higher the percentage, the more quickly CTE-LDT completes its processing. However, this speed causes increased competition for resources, which can significantly degrade the performance of other applications using this host.
Do not set CPU% to a very high value in an attempt to force faster data transformation. This can potentially exhaust other system resources.
When you select Rekey by CPU, the Cap CPU Allocation check box becomes available. Check this box to specify that the CPU allowance must never exceed the percentage set in CPU%. If Cap CPU Allocation is not checked, and additional CPU resources are available on the host, CTE-LDT consumes part of the available resources for rekey above the CPU threshold. Exceeding the threshold may impact your production workload as your production CPU resource consumption fluctuates over time.
For example, if CPU% is set to 10%, but Cap CPU Allocation is not set, the rekey process continues consuming available CPU cycles after reaching 10% CPU utilization, at which point the rekey process starts contending with applications for CPU cycles.
-
-
In the QoS Schedules section, select the schedule you want to use from the LDT QoS Schedule drop-down list. This list includes the following options:
-
ANYTIME
-
WEEKNIGHTS
-
WEEKENDS
-
CUSTOM
If you select anything other than CUSTOM, CipherTrust Manager displays the time ranges in which CTE-LDT can run in the Time Ranges column. If you select CUSTOM, you can then click the Create New QoS Schedule button to create a custom schedule. Add one custom schedule entry for each time range in which you want QoS to run.
By limiting CTE-LDT to periods of low application usage, you minimize the potential for resource contention between applications and CTE-LDT.
-
The following example shows a profile with the CPU threshold capped at 10%. The QoS schedule is set for 1 am to 4 am on Mondays, Wednesdays, and Fridays.