Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Performance Hit enabling SMBv2 (or higher)

https://support.nagios.com/forum/viewtopic.php?t=63994

Page 1 of 1

Performance Hit enabling SMBv2 (or higher)

Posted: Mon Nov 15, 2021 6:58 pm
by lazzarinof
Good afternoon,

We have a new requirement to use SMB signing on our log repository server (our log repository is currently a CIFS share mounted via a Windows VM). However, the potential impact of considerable performance impact noted by Microsoft (here: https://docs.microsoft.com/en-us/window ... ons-always) has us worried.

Do you have any guidance/best practices on moving to this more secure setup with minimal performance damage? Or, if it's unavoidable, roughly what kind of hit we can expect? With the logs constantly flowing through, we can't have any sort of congestion/outage, as we need to ensure we're maintaining our ISO's standards.

Thank you!

Re: Performance Hit enabling SMBv2 (or higher)

Posted: Tue Nov 16, 2021 1:12 pm
by gsmith
Hi,

Depending on your network and your storage system implementation, the performance impact of SMB signing can
vary widely; you can verify it only through testing in your network environment.

This Microsoft support doc seems to indicate that there is improvement in their Windows Server 2022 :
https://docs.microsoft.com/en-us/troubl ... on-signing

Is there any particular reason you need to use a Windows VM for the log repository ? Do you have client machines
other than the Nagios Log servers that need to access the log repository?

An alternative would be a Linux NFS server.
There are some "gotchas" with the initial NFS setup, and they are detailed here:
https://assets.nagios.com/downloads/nag ... ations.pdf

Thanks

Re: Performance Hit enabling SMBv2 (or higher)

Posted: Tue Nov 16, 2021 1:38 pm
by rferebee
We're utilizing a SAN for our log repository and the only way we've figured out to mount it has been a CIFS/SMB share. From what I understand (and I'm no storage expert) we're not actually using the Windows VM to serve the share, it just allows us to visually manage the data on the SAN. The data is still being written directly to the SAN from the LS nodes.

Re: Performance Hit enabling SMBv2 (or higher)

Posted: Tue Nov 16, 2021 2:54 pm
by gsmith
Hi

Thanks for the info.

I suggest asking the admin of the san if it supports NFS, and if that would make the requirement of using
SMB signing and/or SMB encryption go away.

If the above is possible, then you probably would want to do a test of NFS performance vs. SMB performance (before signing)
to see if it makes sense.

Thanks
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited