Select and Set Rekey I/O Rate

You can choose to set the Rekey I/O Rate to control I/O operations from LDT to minimize LDT impact to your production workload. It's assumed that you already know the maximum IOPS on your host system during your production workload. With this information, you can choose a threshold for Rekey I/O Rate and enforce the selected threshold during CipherTrust Transparent Encryption - Live Data Transformation. The work flow is as follows:

1. Set Rekey I/O Rate threshold using voradmin or in the CipherTrust Manager Console.

2. QoS retrieves the threshold and starts monitoring and controlling LDT according to the specified threshold and the tolerance factor corresponding to the threshold.

3. The selected threshold will be in effect within 2 to 4 minutes after entering the threshold.

When Rekey I/O Rate and CPU or IOWAIT thresholds are set, QoS will monitor and control the LDT processing rate based on the Rekey I/O Rate threshold. The CPU threshold will be ignored.

Set Rekey I/O Rate Threshold

1. Set Rekey I/O Rate threshold by using voradmin:

   voradmin ldt ior 10
   

   You can also set the Rekey I/O Rate for one or more managed hosts using the Quality of Service section in a client profiles. For more information about using this method, see How to Set QoS.

   In the voradmin example above, QoS enforces the threshold of 10MB/sec with the tolerance of +/- 3MB/second. Effectively, LDT attempts to rekey the amount of data in the range of 7MBs/second to 13MB/second.

   On Linux and Windows, you can use voradmin ldt ior to report the current threshold setting without specifying a value for threshold:

    voradmin ldt ior
   QoS Rekey I/O rate threshold: 10 MB/sec
   QoS Rekey I/O tolerance: 3 MB/sec
   

2. Be sure the threshold you enter is appropriate for your production workload. To verify this:

   1. Observe the Rekey I/O Rate for a few minutes using voradmin.

      On Linux, you can do this using:

      voradmin ldt stats
      Host level statistics:
      File stats: rekeyed=202390, passed=0, created=0, removed=0
      Data stats: rekeyed=6.2GB, truncated=0.0MB
      QoS: IOR threshold=10MB/sec, tolerance=3MB/sec
      current_rekey_rate=2MB/sec, current_iow=0ms
      load_factor=50, delay_factor=0, delay_scan=0
      

      On Windows, you can do this using:

      voradmin ldt monitor
      Host Stats:
      Total number of Guard Points   = 1
      Rekey Status                   = Rekey done (Finished rekey on 1 out of 1 GP's)
      Total files to be transformed  = 0
      Total files transformed        = 0
      Total files in progress        = 0
      Total transformation threads   = 0
      
      Current rekey rate             = 0 KB/s
      Rekey IO rate threshold        = 1000 MB/s
      Rekey IO rate tolerance        = 4 MB/s
      

   2. Set an appropriate threshold. Do not set the threshold value too high, as QoS might not be able to achieve it because of other resource bottlenecks.

3. Check the QoS controlling rekey rate.

   QoS will monitor and control LDT utilization using the specified threshold. The following figure shows an example of how QoS monitors and controls LDT utilization. In this example, the threshold is 30 MB/sec. Throughput of LDT was nearly 130 MB/sec. QoS brings it down to within the range of 30 MB/second.

   

4. Disable QoS.

   QoS will not monitor and control resources when all the thresholds, CPU, Rekey I/O rate, and IOWAIT are set to 0. When Rekey I/O Rate and IOWAIT are not explicitly set, it is considered to be set to 90 MB/second.

   QoS continues to apply its schedules for suspending LDT operations at certain days and times regardless of what values are set for CPU, Rekey I/O Rate, and IOWAIT thresholds.

Summary of QoS Resources

The following table summarizes the available thresholds and the actions of QoS module to enforce the set thresholds: