The following lists present a non-exhaustive catalog of factors which may affect the performance of Tideway Foundation. The first list includes factors which can be configured to help improve performance. This is followed by a list of non-configurable factors.

Configurable Performance Factors

Number of Threads in Discovery - may impact performance in environments where the network is particularly slow to respond.

• Consolidation - if the appliance is configured as a scanning appliance and is sending data to one or more consolidation appliances then you can expect a performance drop of between 5 and 10%.
• Database cache size - increasing the size of the database cache size improves database performance. You need to increase the amount of memory in the appliance to do this. This factor has not been seen to greatly impact Discovery performance, but can be tuned where large numbers of users are logged into Tideway Foundation.
• IP optimization - turning off IP optimization will cause a degradation of appliance performance. This is because where a host has more than one IP address, a full Discovery is performed for each of those IP addresses.
• Discovery level - reducing the discovery level increases the speed of discovery, at the cost of the depth of discovery and retrieved data.
• Log level - by default this is INFO. A log level of DEBUG will cause a degradation of appliance performance.
• Overlapping AD slave IPs - where multiple slaves scan the same range of IP addresses, an attempt will be made to login by each slave if no successful login has been achieved by any slave.
• Number of credentials - for each credential whose key matches the IP address, an attempt will be made to login if no successful login has been achieved.
• Number of CPUs - the number of ECA engines will scale appropriately to the number of CPUs. In turn, this will increase the throughput of events through the engine.

Non-Configurable Performance Factors

• Responses from switches for non-routable IP addresses - where any response is received for a scanned IP address, Tideway Foundation assumes that there is an IP device at that address. If a switch is configured to send a response for a non-routable, or unassigned IP address, this may cause a degradation of appliance performance.
• Types of Patterns - some patterns are more complex than others and take longer to run. Therefore, if your network includes a significant number of these complex patterns, it may increase the overall run time.
• Scan ordering - where response time (including network latency) is an issue, this is not noticeable for individual isolated hosts. However, a contiguous block of slowly responding hosts or a high latency network segment can reduce performance noticeably. If all addresses have slow response times, then any performance degradation would be more noticeable.
• Host complexity - discovered hosts which are information-rich, and therefore more complex than those which contain less data, may also cause a degradation of appliance performance, particularly when a large contiguous block of hosts are scanned.