Select and Set Rekey I/O Rate
You can choose to set the Rekey I/O Rate to control I/O operations from CTE-LDT to minimize CTE-LDT impact to your production workload. It's assumed that you already know the maximum IOPS on your host system during your production workload. With this information, you can choose a threshold for Rekey I/O Rate and enforce the selected threshold during CipherTrust Transparent Encryption - Live Data Transformation. The work flow is as follows:
-
Set Rekey I/O Rate threshold using
voradminor in the CipherTrust Manager Console. -
QoS retrieves the threshold and starts monitoring and controlling CTE-LDT according to the specified threshold and the tolerance factor corresponding to the threshold.
-
The selected threshold will be in effect within 2 to 4 minutes after entering the threshold.
When Rekey I/O Rate and CPU or IOWAIT thresholds are set, QoS will monitor and control the CTE-LDT processing rate based on the Rekey I/O Rate threshold. The CPU threshold will be ignored.
Set Rekey I/O Rate Threshold
-
Set Rekey I/O Rate threshold by using
voradmin:voradmin ldt ior 10You can also set the Rekey I/O Rate for one or more managed hosts using the Quality of Service section in a client profiles. For more information about using this method, see How to Set QoS.
In the
voradminexample above, QoS enforces the threshold of 10MB/sec with the tolerance of +/- 3MB/second. Effectively, CTE-LDT attempts to rekey the amount of data in the range of 7MBs/second to 13MB/second.On Linux and Windows, you can use
voradmin ldt iorto report the current threshold setting without specifying a value for threshold:voradmin ldt ior QoS Rekey I/O rate threshold: 10 MB/sec QoS Rekey I/O tolerance: 3 MB/sec -
Be sure the threshold you enter is appropriate for your production workload. To verify this:
-
Observe the Rekey I/O Rate for a few minutes using
voradmin.On Linux, you can do this using:
voradmin ldt stats Host level statistics: File stats: rekeyed=202390, passed=0, created=0, removed=0 Data stats: rekeyed=6.2GB, truncated=0.0MB QoS: IOR threshold=10MB/sec, tolerance=3MB/sec current_rekey_rate=2MB/sec, current_iow=0ms load_factor=50, delay_factor=0, delay_scan=0On Windows, you can do this using:
voradmin ldt monitor Host Stats: Total number of Guard Points = 1 Rekey Status = Rekey done (Finished rekey on 1 out of 1 GP's) Total files to be transformed = 0 Total files transformed = 0 Total files in progress = 0 Total transformation threads = 0 Current rekey rate = 0 KB/s Rekey IO rate threshold = 1000 MB/s Rekey IO rate tolerance = 4 MB/s -
Set an appropriate threshold. Do not set the threshold value too high, as QoS might not be able to achieve it because of other resource bottlenecks.
-
-
Check the QoS controlling rekey rate.
QoS will monitor and control CTE-LDT utilization using the specified threshold. The following figure shows an example of how QoS monitors and controls CTE-LDT utilization. In this example, the threshold is 30 MB/sec. Throughput of CTE-LDT was nearly 130 MB/sec. QoS brings it down to within the range of 30 MB/second.
-
Disable QoS.
QoS will not monitor and control resources when all the thresholds, CPU, Rekey I/O rate, and IOWAIT are set to 0. When Rekey I/O Rate and IOWAIT are not explicitly set, it is considered to be set to 90 MB/second.
QoS continues to apply its schedules for suspending CTE-LDT operations at certain days and times regardless of what values are set for CPU, Rekey I/O Rate, and IOWAIT thresholds.
Summary of QoS Resources
The following table summarizes the available thresholds and the actions of QoS module to enforce the set thresholds:
| Scenario | QoS Action |
|---|---|
| Only Rekey I/O Rate threshold is set | Monitor and control the CTE-LDT processing rate based on Rekey I/O Rate |
| Rekey I/O Rate and CPU threshold are set | Monitor and control the CTE-LDT processing rate based on Rekey I/O Rate. CPU threshold is ignored. |
