Security

Reply
Frequent Contributor II
Posts: 143
Registered: ‎07-27-2012

CPPM Memory Error

My Clearpass VM-500 is showing a memory error in the Event Viewer:
System is running with low memory. Available memory = 28%

 

But VMWare shows that the VM has 4GB available, and only 700MB currently in use.

 

Do I need to configure something in CPPM?

 

Thanks,

Tony

Guru Elite
Posts: 8,467
Registered: ‎09-08-2010

Re: CPPM Memory Error

I would open a TAC case.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 23
Registered: ‎01-10-2014

Re: CPPM Memory Error

Hey Tony,

 

I have the same problem.

 

Have you found a solution?

 

Thanks in advance.

 

Best regards,

Marcel

Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: CPPM Memory Error

#1 Make sure all your VMs are at the recomended resources.

 

http://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=15305

 

CP-VA-500


l 2 Virtual CPUs
l 500 GB disk space
l 4 GB RAM
l 2 Gigabit virtual switched ports
l Functional IOP rating for a 40-60 read/write profile for 4k random read/write = 75


CP-VA-5K


l 8 Virtual CPUs
l 500 GB disk space
l 8 GB RAM
l 2 Gigabit virtual switched portsl Functional IOP rating for a 40-60 read/write profile for 4k random read/write = 105


CP-VA-25K


l 24 Virtual CPUs
l 1024 GB disk space
l 64 GB RAM
l 2 Gigabit virtual switched ports
l Functional IOP rating for a 40-60 read/write profile for 4k random read/write = 350

 

#2 (Theses are just suggestions if you are having issues and what I personaly recomend)

 

  • If they are running Vmware 5.1 have them install an SSD in each ESX host and have the VM's swap file located there. CPPM does lots of memory swapping and in vmware the swap file is normally stored with the VM, which is normally on the SAN. This causes a lot of SAN IO that people normally can't account for. By storing the Swap on SSD on the host, all of that is taken off of the SAN and the system performs much better, since SSD will be faster than the SAN. It doesn't have to be enterprise grade, I have run OCZ vertex 240GB and they work fine. Just note they will probably need to be refreshed every 3-4 years.
  • More RAM the better
    • Also remember, vmware will create a swap file equal to memory allocated another reason for local SSD.
  • If they are running iSCSI make sure the cards support iSCSI acceleration or TCP offloading. If not then they need to run Jumbo frames.
  • DO NOT USE SOFTWARE iSCSI INITIATORS! ONLY USE HARDWARE! The difference in latency, reliability, and throughput is immense.

SAN:

  • Use nothing but 15k disks. 7.2k is not recommended.
  • SSD's have not yet been tested and so are currently not recommended.
  • I would suggest a dedicated LUN and a dedicated stripe of disks for CPPM instead of using a storage pool where VM's share the same storage.
  • NO THIN PROVISIONING!
  • De-duplication is ok as long as the De-dupe job doesn't happen during production hours and does not inter fear with CPPM's nightly maintenance.
  • The SAN should be able to sustain about 3500 iops sustained per CPPM server. This is what I was experiencing with Liberty while they had 'issues'.
  • Use NFS instead of FC or iSCSI to eliminate the VMFS storage layer. It has been found file level storage to be more responsive then block level.
  • Don't use and IO gateways unless they are high end ones. There are some pretty bad FC > iSCSI implementations.

 

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Contributor I
Posts: 23
Registered: ‎01-10-2014

Re: CPPM Memory Error

Hey tarnold,

 

thank you for that detailed answer!

 

I had found a solution in another Thread and I would like to share that.

 

Clearpass: System is running with low memory.

 

Best regards,

 

Marcel

Search Airheads
Showing results for 
Search instead for 
Did you mean: