Why Imperva Requires Reserving Resources for Virtual Deployments

By Phil Klassen posted 17 days ago


VM Admin is resisting requests to reserve resources for the Imperva instance. What is the proper response?

  • VM advantages
    • Imperva recognizes that there are many advantages of deploying virtual instances
    • One primary advantage is that it allows the instances/hosts on a VM to share available resources
    • The idea is that if an instance needs more CPU or memory it can request it when needed
    • In this situation resources are not reserved and only allocated when needed/requested.
  • This solution works for applications or databases where operations can be queued or retried
    • In the case of a security appliance this is not an option
    • The Imperva virtual appliance has been tested and designed with the defined levels of CPU and memory
    • If CPU is required to audit an event or trigger a block and its not available then that action will not be taken, it will be missed
    • That means audit data may be missing or a malicious activity was able to pass through
    • The situation is very similar for memory. If memory is required to buffer a stream in order to perform full inspection or receive data from a DB agent and its not available the operation is dropped.
    • In security there are very few second chances, you must take the required action then
    • Even if milliseconds are involved, if the resource is needed, its needed then not later.
  • The formal statement is:
    • The Imperva Virtual Appliance is only fully supported, and can only function as designed, if the required resources have been reserved and are available to the Imperva instance.