
Classification Module 6.1.1 - User Guide


Performance Calculations

The following performance counters can help you to understand how Classification is affecting your system’s performance.

Content Provider

| Counter | Description |
| --- | --- |
| # assets / sec | Number of resource callback requests to the Data Governance agent for content per second. |
| KB of binary content in / sec | Rate of binary content flowing into the agent for processing into plain text. |
| KB of binary content out / sec | Rate of plain text content flowing out of the agent to the rules engine. |

File Handler

| Counter | Description |
| --- | --- |
| # assets / sec | Rate at which files are queued in the classification system to be processed by the rules engine. |

Rule Engine

| Counter | Description |
| --- | --- |
| # assets / sec | Number of resources being processed by the rule engine. |
| # matches | Total number of rules that matched. Note: This does not mean that a resource was classified. |
| entity extractor bytes / second | Rate at which the plain text extracted from the resource is being processed. |
| KB plain text process / sec | Rate at which plain text content is examined for rule matches. |
| rules processed / sec | Rate at which rules are run against plain text content. |

Rule Engine Extractors

| Counter | Description |
| --- | --- |
| Average processing time | Average time it takes for one text extractor to process one resource. |

Rule Engine Rules

| Counter | Description |
| --- | --- |
| Average processing time | Average time it takes for one rule to process one resource. |

Adjusting CPU Throttling Levels

Extracting text for categorization and classification may strain the agent computer’s CPU. To ensure the classification process does not disrupt other services running on that computer, you can enable CPU throttling. The optimal value depends on which other services are running on the agent computer and how much CPU capacity you want dedicated to the classification process. If the value is set to, for example, 75%, the agent will never cause the load on the computer to exceed that value. Setting this value too low will limit the classification process, because the act of extracting content can itself trigger the throttling and cause the process to start and stop.

To set the throttling threshold, create a DWORD value named "cpuUsageThreshold" under the registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Quest Software\Broadway\Agent\Services\contentRequester].

To disable the throttling, set the value to 0.
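
One way to apply and read back the setting described above, as an added PowerShell example that is not taken from the Quest guide. The function names are hypothetical, and treating the value as a whole-number percentage from 0 to 100 is an assumption based on the 75% example; the registry path and value name are the ones given in the text.

```powershell
#Requires -RunAsAdministrator
# Added example, not vendor code. Path and value name come from the guide text above.
$KeyPath   = 'HKLM:\SOFTWARE\Quest Software\Broadway\Agent\Services\contentRequester'
$ValueName = 'cpuUsageThreshold'

function Set-ClassificationCpuThreshold {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Assumption: whole-number percentage. Per the guide, 0 disables throttling.
        [Parameter(Mandatory = $true)]
        [ValidateRange(0, 100)]
        [int]$Percent
    )

    # Create the key only when it is missing, so existing values under it are untouched.
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        if ($PSCmdlet.ShouldProcess($KeyPath, 'Create registry key')) {
            New-Item -Path $KeyPath -Force | Out-Null
        }
    }

    if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", "Set DWORD to $Percent")) {
        # -Force overwrites an existing value, including one created with the wrong type.
        New-ItemProperty -LiteralPath $KeyPath -Name $ValueName `
            -PropertyType DWord -Value $Percent -Force | Out-Null
    }
}

function Get-ClassificationCpuThreshold {   # hypothetical helper name
    $item = Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Configured = $false; Percent = $null; Throttling = 'not configured' }
    }
    $value = $item.$ValueName
    [pscustomobject]@{
        Configured = $true
        Percent    = $value
        Throttling = if ($value -eq 0) { 'disabled' } else { "capped at $value%" }
    }
}

# Preview the change first with -WhatIf, then apply it and read it back.
Set-ClassificationCpuThreshold -Percent 75 -WhatIf
Set-ClassificationCpuThreshold -Percent 75
Get-ClassificationCpuThreshold
```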

Deploying Classification in Identity Manager

Classification Overview

Classification helps you and the security professionals in your organization understand the contents of your unstructured data, thereby ensuring that sensitive NTFS and SharePoint assets are properly secured.

More specifically, Quest One Identity Manager Data Governance Edition provides:

  • The ability to categorize and classify data from Windows computers, Windows clusters, NetApp Attached Storage Devices, and SharePoint. Numerous file types can be scanned to provide information on the data in your organization, its content, and the categorization and classification that should be applied based on the automated system.
  • Automatic and manual classification: Automatic classification evaluates your documents against a set of rules to automatically apply categories and ultimately classify your data. Manual categorization enables the appropriate business owner to control how the data is categorized and ultimately classified.
  • Data security intelligence and control: Control data access through the automatic governance of data and policies based on classification. Classification also provides details and trends through statistics that identify the cost of data exposures. For example, you can see files located in a public folder that have been classified or categorized as Secret.
  • Business data accountability: Assign data ownership based on classification policies and enable attestations and manual categorization by the business owner to ensure the classifications are valid.
  • Classification enforcement: Specify ‘unbreakable’ rules that must be enforced and cannot be overridden.
  • The ability to import Titus classification policies into the system.
  • Classification auditing.

By understanding the contents of a document using categorization, organizations can better secure their NTFS and SharePoint assets. Through both the Manager and the Web Portal, Identity Manager enables this by:

  • Using an automated categorization engine to process documents and tag them according to defined rules
  • Allowing the extension and customization of the automated categorization system
  • Having the owner of the asset attest to its proper categorization, providing accountability
  • Allowing users to override the system to improve the accuracy of the categorization
  • Creating policies that define access to resources with a particular category
  • Identifying violations of these policies, and providing a workflow to resolve them

Identity Manager includes templates to help you to test and understand the classification process. The templates include sample taxonomies, categories, extractors, and rules that can be used for automatic classification.

  • Data Governance Sample taxonomy
  • Data Governance Payment Card Industry (PCI) taxonomy
  • Titus Commercial taxonomy

NOTE: For details on the Dell templates, see Appendix C: Classifying Data with Data Governance Templates.

Proper deployment of your classification system requires the coordination of the administrator responsible for managing the data that is scanned, the classification analyst responsible for managing the taxonomies in the system, the business owners responsible for verifying and managing the categorization of resources, and the security or compliance officer responsible for oversight.

For details on managing your taxonomies and working with classified data, see Configuring Classification: Taxonomies, Categories, and Rules.
