I've had mostly bad experiences with AV interacting with storage. Not just on NetApp.

I find it's really quite common to underestimate the workload involved in traversing a billion files across a few hundred tera, and how much knock on impact that cascaded down. (It's passable on a quiescent system, but can _really_ hurt when it's under load, and push your latency up quite significantly).

Particularly - a lot of the performance of storage arrays in general is down to efficient caching, and deep file traversal doesn't. So you've got a heavy 'fast as you can' read workload, that _has_ to go to back end disks, and because it's read-heavy it's a real-time time constraint.

On access or on-write scanning similarly - average figures look ok, but _peak_ latency figures start to really hurt. I mean, the way latency works - when 'congestion' is happening, load increases amplify into quite substantial latency increases, and performance _really_ starts to hurt.

Offloading 'on access' to client is about the only way to distribute this load wide enough.

Of course, in an ideal world, you'll have ample storage performance in reserve, and this will never be an issue. Maybe when we're all SSD everywhere, then I'll revise my opinion. I think that day is still a way off though....

(reply to the whole list this time :))

On 25 April 2017 at 15:07, TAYLOR DANIEL <dantaylor@ntlworld.com> wrote:

As we make an increasing push to use CIFS I am interested to know what peoples thoughts and opinions are on scanning data on CIFS shares for viruses etc. Does anyone use the Anti-Virus connector for Clustered Data ONTAP? does it work or have experience with it, and what are the alternatives other than to let the clients use their own AV to deal with potential nasties!

_______________________________________________
Toasters mailing list
Toasters@teaparty.net
http://www.teaparty.net/mailman/listinfo/toasters