VM Admin is resisting requests to reserve resources for the Imperva instance. What is the proper response?
- VM advantages
- Imperva recognizes that there are many advantages of deploying virtual instances
- One primary advantage is that it allows the instances/hosts on a VM to share available resources
- The idea is that if an instance needs more CPU or memory it can request it when needed
- In this situation resources are not reserved and only allocated when needed/requested.
- This solution works for applications or databases where operations can be queued or retried
- In the case of a security appliance this is not an option
- The Imperva virtual appliance has been tested and designed with the defined levels of CPU and memory
- If CPU is required to audit an event or trigger a block and its not available then that action will not be taken, it will be missed
- That means audit data may be missing or a malicious activity was able to pass through
- The situation is very similar for memory. If memory is required to buffer a stream in order to perform full inspection or receive data from a DB agent and its not available the operation is dropped.
- In security there are very few second chances, you must take the required action then
- Even if milliseconds are involved, if the resource is needed, its needed then not later.
- The formal statement is:
- The Imperva Virtual Appliance is only fully supported, and can only function as designed, if the required resources have been reserved and are available to the Imperva instance.