During our performance testing of Sophos Endpoint Security and Control on Windows 2008, we discovered performance issues when more than ;5,000 endpoint computers are managed by Enterprise Console. At that time, we issued guidance that any installation of Enterprise Console on Windows 2008 should be supplemented by the installation of a message relay if more than 5,000 clients would be managed.
Following more in-depth investigation by Sophos, we have revised this limit to 4,000 endpoints. This revised limit is based on our analysis of customer environments and continued in-house testing.
Due to these issues when managing greater than 4,000 directly connected endpoints, Sophos highly recommends using Windows Server 2008 R2 or Windows Server 2003 R2 for the following roles:
- Enterprise Console
- Message Relay for the Remote Management System (RMS)
- This recommendation is based on the availability of dedicated physical hardware. Therefore, if you use a virtual environment for these roles, you will need to consider the resource constraint that virtualization imposes in order to determine the number of endpoints that can be managed in your environment.
- This recommendation does not account for any additional roles the server may perform. Other roles that typically need to be considered include web services, DHCP, DNS, AD and file services (including Sophos updates). If you have these roles installed on your Windows 2008 server you will need to reduce this estimate accordingly.
Note: This issue has been raised with Microsoft and investigations are ongoing.