Reset Search
 

 
Article

KB44410 - Impact of CAV (Cloud Application Visibility) Traffic on PCS and the recommendations to mitigate this issue.

Printable View
« Go Back

Information

 
Last Modified Date3/21/2020 3:51 PM
Synopsis
This article outlines the Impact of CAV (Cloud Application Visibility) Traffic on PCS and the recommendations to mitigate this issue.
Problem or Goal
Cloud Application Visibility (CAV) feature was introduced in PCS 9.0R2 & it enables you to secure and manage cloud applications. It also provides visibility of the cloud application used by the user and allows the Administrator’s to set granular access and use policies to monitor the Cloud Application usage in real time. More details can be found under pcs-cloudsecure-9.1r4-admin-Guide

It was found that CAV traffic from Pulse Clients is generated towards PCS even though Cloud License is not installed on PCS. And this can result in High CPU and Performance issues.  
 
Cause
This was caused due to the following reasons :
  • The Pulse Clients were sending data even without receiving instructions from PCS.
  • CAV traffic from higher number of end-points will load the web process causing performance issues.
CAV requests are identified in user access logs as below requests, do confirm if we see high number of such requests to match issue :

info - [x.x.x.x] - System()[][] - 2020/03/24 04:15:50 - NODE-3 - Unauthenticated request url /api/v1/cav/client/status came from IP x.x.x.x

NOTE : To log unauthenticated requests, we need to enable below settings :

User-added image
 
Solution
NOTE : *Poll Interval – This interval ensures that the user data is sent after very long periods and thus not overloading the PCS Appliance.

•    Poll Interval settings configuration : System -> Cloud Secure -> Cloud Application Visibility -> Options -> Poll Interval.
 
Pulse Desktop Client VersionPulse Connect Secure VersionLicense TypeAction
Pulse 9.1R3.x or beforePCS 9.1R3.x or before
  1. if EVAL/Cloud secure License installed.
  2. if EVAL /Cloud Secure License not installed.
  1. Set the Poll Interval* to 999999999 seconds.
  2. Upgrade PDC to 9.1R4 and above which will stop CAV requests, refer PRS-384881 in 9.1R4.2 release notes OR Request EVAL License) & then Set the Poll Interval* to 999999999 seconds.
Pulse 9.1R3.x or beforePCS 9.1R4 - 9.1R6
  1. if EVAL/Cloud secure License installed.
  2. if EVAL /Cloud Secure License not installed.
  1. Set the Poll Interval* to 999999999 seconds.
  2. Upgrade PDC to 9.1R4 and above which will stop CAV requests, refer PRS-384881 in 9.1R4.2 release notes OR Request EVAL License) & then Set the Poll Interval* to 999999999 seconds.
Pulse 9.1R3.x or beforePCS 9.1R7
  1. if EVAL/Cloud secure License installed.
  2. if EVAL /Cloud Secure License not installed.
No Action Needed (By Default, with PCS 9.1R7, the PDC client will contact the PCS server only once per user session). 
Pulse 9.1R4 and abovePCS 9.1R4 and above
  1. if EVAL/Cloud secure License installed.
  2. if EVAL /Cloud Secure License not installed.
No Action Needed 
Pulse 9.1R4 and abovePCS 9.1R3.x or before 
  1. if Cloud Secure/EVAL License installed
  2. if Cloud Secure/EVAL License not installed.
No Action Needed

NOTE : Installing EVAL license enables Cloud Application Visibility (CAV) feature

 
Related Links
Attachment 1 
Created ByRaghu Kumar

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255