Data Domain: Client security scan degrades system performance
Résumé: Security scanning scripts and applications can have a major impact on Data Domain system performance.
Cet article concerne
Cet article ne concerne pas
Cet article n’est associé à aucun produit spécifique.
Toutes les versions du produit ne sont pas identifiées dans cet article.
Symptômes
The most apparent symptom is often a degradation of performance of backups and restores.
These operations can sometimes take many times longer than usual, for at least a portion of the workload. Other potential symptoms are listed below.
These operations can sometimes take many times longer than usual, for at least a portion of the workload. Other potential symptoms are listed below.
Excessive readdir Activity
Security tools that repeatedly list or search directories trigger large numbers of readdir operations. This causes contention in the file manager and directory manager layers.
Indicators include:
- A sharp increase in daily
readdircounts (for example, from ~1 million per day to tens or hundreds of millions). - Elevated
readdirthread activity (as in,nfsproc3_readdir_3_svc). - Increased latency in file system operations.
- Example: A sharp increase in
readdiroperations. Areaddiroperation is the result of a client request to read a directory. Two examples of this are a client running the 'ls' (list directory contents) command or a 'find' (search for files in a directory hierarchy). Manyreaddirthreads cause contention in the file manager and directory manager layers.- The active
readdircount can be found in a file system thread list (search for "nfsproc3_readdir_3_svc") or by reviewing the dailyreaddircount found in an autosupport. In the belowreaddirstats, total operations increased from roughly from 1 millionreaddiroperations per day to 70 million per day.FM API histograms: op type mean std-dev <1ms <10ms <100ms <1s <10s <100s >100s total max min autosupport.6: readdir 3.415ms 18.469ms 12580518 31919253 1638591 135685 3749 1 0 46277797 10306.395 0.014 autosupport.5: readdir 3.459ms 18.829ms 12763092 32553822 1696951 141236 4027 1 0 47159129 10306.395 0.014 autosupport.4: readdir 3.434ms 18.627ms 13082191 33663810 1723265 143462 4051 1 0 48616780 10306.395 0.014 autosupport.3: readdir 15.599ms 33.340ms 13312985 36148759 14982367 1910057 4179 1 0 66358348 10306.395 0.014 autosupport.2: readdir 24.991ms 35.316ms 13609833 46780191 57380779 4995642 4588 1 0 122771034 10306.395 0.014 autosupport.1: readdir 27.739ms 37.025ms 13876217 69875224 107391735 9361188 5661 1 0 200510026 10306.395 0.014 autosupport: readdir 30.935ms 43.488ms 14379002 92945802 158095969 16689520 16549 1 0 282126843 10306.395 0.014
- The active
- Example: A sharp increase in
Excessive Read Streams
Security scans may create thousands of read streams, far exceeding supported operational limits.
Example (system show performance customer-view streams):
-
- Read stream counts that far exceed supported limits. In the below '
system show performance customer-view streams' output, read streams are over 4,000 at times.-------------------------------------------------------------------------- Time Stamp |Streams | | read write read+ write+ repl-in repl-out| Date Time | seq/rand seq/rand | YYYY-MM-DD HH:MM:SS| # # # # # #| -------------------------------------------------------------------------- 2022-02-06 02:29:00 2144/0 261/2 0 0 0 0 2022-02-06 02:39:00 3521/0 229/2 0 0 0 0 2022-02-06 02:49:00 3840/0 266/2 0 0 0 0 2022-02-06 02:59:00 2935/0 271/2 0 0 0 0 2022-02-06 03:09:00 3091/0 258/2 0 0 0 0 2022-02-06 03:19:00 1492/0 294/2 0 0 0 0 2022-02-06 03:29:00 3380/0 274/2 0 0 0 0 2022-02-06 03:39:00 4449/0 252/1 0 0 0 0 2022-02-06 03:49:00 4454/0 247/1 0 0 0 0 2022-02-06 03:59:00 1480/0 236/2 0 0 0 0
- Read stream counts that far exceed supported limits. In the below '
Long-Running RPCs and File System Timeouts
Heavy scanning can generate a sustained load, resulting in slow or stalled RPC operations and general file system delays.
Cause
Security scanning tools, antivirus solutions, and similar applications often attempt to recursively list, inspect, or search all files on a system.
When these tools target a Data Domain system, they introduce sustained directory traversal and read activity that overloads the file system, causing significant performance degradation.
When these tools target a Data Domain system, they introduce sustained directory traversal and read activity that overloads the file system, causing significant performance degradation.
Résolution
Exclude all Data Domain systems from security scans, antivirus scans, and automated file-inspection scripts.
Only qualified and supported applications should access or place workload on a Data Domain file system.
Produits concernés
Data DomainProduits
Data DomainPropriétés de l’article
Numéro d’article: 000196875
Type d’article: Solution
Dernière modification: 17 Mar 2026
Version: 3
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.