Permissions Reporter helps businesses of all shapes and sizes manage their NTFS file system permissions. In this article, we'll discuss the topics of performance and workload scalability.
Performance Characteristics
Permissions Reporter pairs an advanced multi-threaded workload analysis engine with a proprietary in-memory database to deliver superior performance. However, there are many factors that can affect the speed and scalability of any given file system security analysis, including:
- Storage device performance
- Product workload & configuration
- Available resources on the host machine
Let's take a closer look at some of these factors, and then conclude with a brief discussion on how you can also limit CPU and I/O resource usage when needed.
Storage Device Performance
The image below shows the results of a performance test executed against a local SSD storage device with fast network connectivity to Active Directory. With all product features enabled, the analysis covered 1.8 million files in just over a minute.
In real-world reporting scenarios, the storage devices that you analyze with Permissions Reporter will be subject to I/O contention. Further, the file system analysis itself will create I/O - thereby potentially slowing storage response times for users.
Best practice: Use the built-in scheduling capabilities of Permissions Reporter to execute and export NTFS permissions reports outside of normal business hours. Note that XML data exports can be re-imported directly by Permissions Reporter at a later time.
Product Workload & Configuration
How you configure Permissions Reporter matters a great deal. The product offers a wide range of features and functions, each of which affects workload performance.
When configuring your Permissions Reporter project, first carefully consider the desired outcome. For example, if you configure the project to analyze a massive networked storage device with all features enabled and without any filters, the resulting permissions report is probably going to contain far more data than will be useful.
Let's briefly look at the project settings that most strongly affect performance and scalability to better inform your configuration choices.
- Project folders - Tune the project paths to constrain workload.
- File permissions report - Consider disabling if you don't need file-level permissions report data.
- File owners report - Consider disabling if you don't need file ownership report report data.
- Group member extraction - Consider disabling if you don't need to see group members in reports.
- Project filter - Use filters to limit the amount of data you're collecting to specific users, groups, and more.
Best practice: Disable product features you don't require, and use project filtering to limit the amount of data returned by any given project configuration. Create reports that contain reasonable, actionable quantities of data.
Available Host Machine Resources
Deciding where to install and run Permissions Reporter involves two primary qualifying metrics - memory availability and network connectivity.
As noted above, Permissions Reporter uses a special in-memory report data representation that helps to maximize performance. This is an explicit design decision - we want users to be able to query file systems of any size to construct useful permissions reports in a reasonable amount of time.
If you find yourself encountering memory related errors during a scan with Permissions Reporter, then you'll need to reduce the working project scope (see above) or make more memory available to the host operating system.
Network connectivity speed is also a signficant factor in any permissions analysis that involves remote file systems. Use the fastest connection possible to reduce the lag associated with the remote file system scanning process and querying Active Directory for account data.
Best practice: Run Permissions Reporter on a domain mameber computer with plenty of RAM and fast network connectivity.
Limiting Storage I/O and CPU Usage
There may be occasions where you need to constrain the resources used by Permissions Reporter. The product offers two helpful settings in such cases, both located in the Performance tab of the Global Options window.
The first is low priority I/O mode. Enabling this option causes Permissions Reporter to operate in a special "background" I/O mode available in Windows, causing the system to lower scheduling priority for disk and memory operations. This can help Permissions Reporter to "defer" to other processes that might require such resources.
And finally, you can also change the Threading Model setting, which controls how many threads are used for file system analysis and reporting tasks. Lowering this setting all the way to Single threaded will greatly reduce CPU usage.
Best practice: If necessary, use the global performance options to constrain system CPU and I/O usage.