Imperva Cyber Community

VM Admin is resisting requests to reserve resources for the Imperva instance. What is the proper response?

• VM advantages
  • Imperva recognizes that there are many advantages of deploying virtual instances
  • One primary advantage is that it allows the instances/hosts on a VM to share available resources
  • The idea is that if an instance needs more CPU or memory it can request it when needed
  • In this situation resources are not reserved and only allocated when needed/requested.

• This solution works for applications or databases where operations can be queued or retried
  • In the case of a security appliance this is not an option
  • The Imperva virtual appliance has been tested and designed with the defined levels of CPU and memory
  • If CPU is required to audit an event or trigger a block and its not available then that action will not be taken, it will be missed
  • That means audit data may be missing or a malicious activity was able to pass through
  • The situation is very similar for memory. If memory is required to buffer a stream in order to perform full inspection or receive data from a DB agent and its not available the operation is dropped.
  • In security there are very few second chances, you must take the required action then
  • Even if milliseconds are involved, if the resource is needed, its needed then not later.

• The formal statement is:
  • The Imperva Virtual Appliance is only fully supported, and can only function as designed, if the required resources have been reserved and are available to the Imperva instance.