Permissions Reporter helps businesses of all shapes and sizes manage their NTFS file system permissions. In this article, we'll discuss the topics of performance and workload scalability.
Permissions Reporter pairs an advanced multi-threaded workload analysis engine with a proprietary in-memory database to deliver superior performance. However, there are many factors that can affect the speed and scalability of any given file system security analysis, including:
- Storage device performance
- Product workload & configuration
- Available resources on the host machine
Let's take a closer look at some of these factors, and when we'll finish with a brief discussion about how you can also limit CPU and I/O resource usage when needed.
Storage Device Performance
The image below shows the results of a performance test executed against a local SSD storage device with fast network connectivity to Active Directory. With all product features enabled, the analysis covered 1.8 million files in just over a minute.
In real-world scenarios, the storage devices that you analyze with Permissions Reporter will be subject to I/O contention. Further, the file system analysis itself will create I/O - thereby potentially slowing storage response times for users.
Product Workload & Configuration
How you configure Permissions Reporter matters a great deal. The product offers a wide range of features and functions, each of which affects workload performance.
When configuring your Permissions Reporter project, first carefully consider the desired outcome. For example, if you configure the project to analyze a massive networked storage device with all features enabled and without any filters, the resulting permissions report is probably going to contain far more data than will be useful.
Let's briefly look at the project settings that most strongly affect performance and scalability to better inform your configuration choices.
- Project folders - Tune the project paths to constrain workload.
- File permissions report - Consider disabling if you don't need file-level permissions report data.
- File owners report - Consider disabling if you don't need file ownership report report data.
- Group member extraction - Consider disabling if you don't need to see group members in reports.
- Project filter - Use filters to limit the amount of data you're collecting to specific users, groups, and more.
Available Host Machine Resources
Deciding where to install and run Permissions Reporter involves two primary qualifying metrics - memory availability and network connectivity.
As noted above, Permissions Reporter uses a special in-memory report data representation that helps to maximize performance. This is an explicit design decision - we want users to be able to query file systems of any size to construct useful permissions reports in a reasonable amount of time.
If you find yourself encountering memory related errors during a scan with Permissions Reporter, then you'll need to reduce the working project scope (see above) or make more memory available to the host operating system.
Network connectivity speed is also a signficant factor in any permissions analysis that involves remote file systems. Use the fastest connection possible to reduce the lag associated with the remote file system scanning process and querying Active Directory for account data.
Limiting Storage I/O and CPU Usage
There may be occasions where you need to constrain the resources used by Permissions Reporter. The product offers two helpful settings in such cases, both located in the Performance tab of the Global Options window.
The first is low priority I/O mode. Enabling this option causes Permissions Reporter to operate in a special "background" I/O mode available in Windows, causing the system to lower scheduling priority for disk and memory operations. This can help Permissions Reporter to "defer" to other processes that might require such resources.
And finally, you can also change the Threading Model setting, which controls how many threads are used for file system analysis and reporting tasks. Lowering this setting all the way to Single threaded will greatly reduce CPU usage.