Best practices for configuring network cards on your servers for Security Center - Security Center 5.7 - 5.12

Security Center Best Practices - Enterprise

Applies to
Security Center 5.7 - 5.12
Last updated
2023-08-15
Content type
Best practices
Language
English
Product
Security Center
Version
5.12
5.11
5.10
5.9
5.8
5.7

Network cards settings can be optimized to work with Security Center's high throughput, especially if there are more than one per server.

NIC Teaming

NIC Teaming, also known as load balancing and failover (LBFO), allows multiple network adapters on a computer to be used together for either bandwidth aggregation (to handle high throughput) or traffic failover (to prevent connectivity loss in the event of a network component failure). These modes are named differently depending on the hardware vendor. LBFO is available as of Windows 2012R R2 and can be accessed by using the lbfoadmin.exe utility available from the Start run or command prompt.

It is recommended to use what is the equivalent of failover; that is, one adapter is on standby until a network failure occurs, and then the standby adapter takes over. The other modes are also supported, but require more complex network configuration and may cause system disruption.

When Microsoft tool is used to configure teaming, the following settings are recommended for a standby/failover mode:
teaming mode
Switch Independent
Load balancing mode
Address Hash
Standby adapter
Select which adapter is used as the standby.

For more information about NIC teaming configuration using Windows management tool, see the Microsoft Support website to get the latest information on NIC Teaming.

Recommended settings

  • It is highly recommended to always install the latest drivers for your network cards. You can download the latest driver from the manufacturer's website. Network performances are directly related to the driver version and many problems are often resolved simply by upgrading the network card driver.
  • Jumbo packets or frames must be disabled. The maximum packet size should be 1514 bytes unless there is a specific reason for the bigger frames to be considered (for example if iSCSI is used on a storage network).
  • It is recommended to configure your network cards to receive and send large amount of data. Buffer size, flow control, and other settings should be optimized for large amounts of data transmissions. For example, Flow Control Rx and Tx for a Broadcom or an Intel network card should be enabled. The option Large Send Offload [IPv4] for the same manufacturers should also be enabled. The Receive or Transmit buffers should be increased to 1024 or more.
  • It is recommended to configure the advanced features available on a network card so that CPU interruptions are minimized and transmission performances are maximized. For example, on an Intel or Broadcom card, enable the Receive Side Scaling option, while making sure the number of RSS queues and RSS processors are set to the maximum value. You should also enable the Interrupt Moderation option by setting it to an Adaptive mode.

Network cards order or prioritization

When multiple network cards are available on the machine running Security Center, set the NIC card that will be used primarily by the application or the service as the card with the highest priority.