Deployment recommendations
Best practices for deployment of ESET PROTECT On-Prem
Number of clients |
Up to 1,000 |
1,000–5,000 |
5,000–10,000 |
10,000–50,000 |
50,000–100,000 |
100,000+ |
---|---|---|---|---|---|---|
ESET PROTECT Server & Database Server on the same machine |
✔ |
✔ |
✔ |
X |
X |
X |
Use of Microsoft SQL Express |
✔ |
✔* |
X |
X |
X |
X |
Use of Microsoft SQL |
✔ |
✔ |
✔ |
✔ |
✔ |
✔ |
Use of MySQL |
✔ |
✔ |
✔ |
X |
X |
X |
Use of ESET PROTECT Virtual Appliance |
✔ |
✔ |
Not Recommended |
X |
X |
X |
Use of VM server |
✔ |
✔ |
✔ |
Optional |
X |
X |
Recommended connection interval (during deployment phase) |
60 seconds |
5 minutes |
10 minutes |
15 minutes |
20 minutes |
25 minutes |
Recommended connection interval (after deployment, during standard usage) |
10 minutes |
10 minutes |
20 minutes |
30 minutes |
40 minutes |
60 minutes |
* To avoid filling ESET PROTECT database, we do not recommend this scenario if you also use ESET Inspect On-Prem.
Connection interval
ESET PROTECT Server is connected to the ESET Management Agents using permanent connections. Despite the permanent connection, data transmission occurs only once during the connection interval. For example, if the replication interval on 5,000 clients is eight minutes, there are 5,000 transmissions in 480 seconds, 10.4 per second. Ensure to set the appropriate client connection interval. Ensure to keep the total number of Agent - Server connections below 1,000 per second, even for high-performance hardware configurations.
If a server is overloaded or there is a malware outbreak (for example, we connect 20,000 clients to a server only able to service 10,000 clients at an interval of every 10 minutes), it will skip some connected clients. Not connected clients will try to connect to the ESET PROTECT Server later.
Single Server (Small Business)
To manage small networks (1,000 clients or less), use a single machine with ESET PROTECT Server and all ESET PROTECT components installed on it. In SMB / small network environments, we encourage you to consider a Linux ESET PROTECT On-Prem installation or virtual appliance where applicable.
Remote Branches with Proxies
If client machines do not directly see the ESET PROTECT Server, use a proxy to forward the ESET products communication. HTTP Proxy is not aggregating the communication or lowering the traffic of replication.
High Availability (Enterprise)
For enterprise environments (over 10,000 clients), consider the following:
•RD Sensor helps to search your network and discover new computers.
•You can install ESET PROTECT Server on a Failover Cluster.
•Configure your HTTP Proxy for a high number of clients or use more Proxies.
Web Console configuration for enterprise solutions or low-performance systems
By default, the ESET PROTECT Web Console installed via All-in-one installer for Windows reserves a memory limit of 1024 MB for Apache Tomcat.
You can change the default Web Console configuration based on your infrastructure:
•In the enterprise environment, the default Web Console configuration can suffer from instability when working with a high number of objects. Change the Tomcat settings to prevent memory shortages. Ensure your system has enough RAM (16 GB or more) before making these changes.
•If you have a low-performance system with limited hardware resources, you can decrease the Tomcat memory usage.
Memory values provided below are recommendations. You can adjust the Tomcat memory settings based on your hardware resources. |
Windows
1.Open the tomcat9w.exe or run the Configure Tomcat application.
2.Switch to the Java tab.
3.Change the memory usage:
a.Increase (enterprise): Change the values Initial memory pool to 2048 MB and Maximum memory pool to 16384 MB.
b.Decrease (low-performance systems): Change the values Initial memory pool to 256 MB and Maximum memory pool to 2048 MB.
4.Restart the Tomcat service.
Linux and ESET PROTECT Virtual Appliance
1.Open the Terminal as root or use sudo.
2.Open the file:
a.ESET PROTECT Virtual Appliance: /etc/sysconfig/tomcat
b.Debian: /etc/default/tomcat9
3.Add the following line to the file:
a.Increase memory usage (enterprise): JAVA_OPTS="-Xms2048m -Xmx16384m"
b.Decrease memory usage (low performance systems): JAVA_OPTS="-Xms256m -Xmx2048m"
4.Save the file and restart the Tomcat service.
service tomcat restart