Specifications

Large-scale deployment considerations

| 101

Tune encryption intensity for network

When encrypting large folders on a network share through a policy, it is strongly

recommended to tune the network encryption intensity. The following values are

advised:

• I/O Utilization: 30% (Set in Encryption options policy section)

• Bandwidth limit: 100 KB/sec. (Set in Network policy section)

• Network latency: 600 ms. (Set in Network policy section)

• Maximum number of clients to encrypt folders: 10

You also may want to consider limiting the size of the files to be encrypted (Set in the

Encryption options). This is not critical, however.

Explicitly encrypt large shares in advance

For large network folders that shall be encrypted, rather than having the folders

encrypted through a folder encryption policy, consider a manual (explicit) encrypt of

the network folder(s) in advance, from one machine with Endpoint Encryption for Files

and Folders deployed.

Initiate the encryption from this single machine, after logging on with an appropriate

Endpoint Encryption for Files and Folders user, and then let the encryption run, say,

maybe overnight.

The reason is to avoid extreme payload on the file server(s) from many clients seeking

to 1. Enumerate, 2. Fetch 3. Encrypt and 4. Upload files to/from the server(s). By

doing this, the risk of network failure and file server payload overflow is minimized.

Dedicated machine

If possible, consider using a dedicated machine for hosting of your central object

directory and the Endpoint Encryption communication servers. This will help eliminate

disturbances from other applications consuming RAM, CPU and HDD I/O.

When considering using a dedicated machine, the following three hardware

parameters are of foremost importance:

• Fast hard disk drive

• Plenty of RAM (preferably 1 GB or more)

• High-speed network cards / 100 Mbps+ network connection