uberAgent 7.0 Preview: Intelligent Disk Buffering
While we’re finalizing version 7.0 of our user experience monitoring & endpoint security analytics products uberAgent UXM and uberAgent ESA, let’s take a look at another cool new feature: intelligent disk buffering.
If you follow our blog closely, you’ll notice that we already talked about disk buffering when we announced Persistent Output Queue with uberAgent 6.2. So, what’s new?
In order to better explain the innovation that is Intelligent Disk Buffering, let me recap how uberAgent handled outgoing events in the past.
uberAgent always had a memory buffer for outgoing events. New events were stored in a 10 MB buffer in RAM until they could be sent to the backend. This was very efficient and worked well, but had certain disadvantages: when the buffer overflowed, new events were discarded. When the endpoint was restarted, all events in the buffer were lost.
In short, the memory buffer protected against short network outages but was not sufficient for devices such as laptops that may be offline for prolonged periods of time.
Introduced with uberAgent 6.2, Persistent Output Queue (POQ) adds a lightweight database layer to an endpoint’s outgoing event queue. When POQ is enabled for a backend, new events are not written to the memory buffer (see above), but to an SQLite database located on the endpoint’s disk. This guarantees that no events are lost independent of network connectivity. However, it also adds a small but constant amount of disk IO activity.
As we’ve seen above, the Persistent Output Queue is great in that it guarantees no events are lost. Isn’t it a little unfortunate, though, that it always writes new events to disk even if they could be sent off to the backend right away? In other words: why store new events on disk if network connectivity to the backend is available?
That’s exactly what we asked ourselves, too, and we’re thrilled to announce that Intelligent Disk Buffering combines the best of both buffering technologies mentioned above. Let’s see how it works.
uberAgent 7.0 constantly monitors network connectivity to its backend. As long as the backend is reachable and processes new events correctly, our endpoint agent does not store events on disk but sends them to the backend directly, thus avoiding any disk IO on the endpoint.
If the backend becomes unreachable, either because network connectivity is lost or because the backend has issues accepting data, the agent writes new events to the Persistent Output Queue’s local database. uberAgent periodically checks if connectivity is back up. Once that is the case, it sends all events buffered to disk and reverts to the efficient direct sending (see case A).
As always, uberAgent is highly configurable. You can choose to disable Intelligent Disk Buffering, reverting the agent’s behavior to memory buffering only.
If you leave Intelligent Disk Buffering at its default setting “enabled”, you can control how many events the agent keeps in RAM before it switches to disk buffering if the backend becomes unreachable. This allows you to fine-tune the agent’s behavior, either opting for maximum efficiency (as little disk IO as possible), maximum data safety (no events to be lost under any circumstances), or a balanced configuration, which is the default.
The uberAgent product family offers innovative digital employee experience monitoring and endpoint security analytics for Windows and macOS.
uberAgent UXM highlights include detailed information about boot and logon duration, application unresponsiveness detection, network reliability drill-downs, process startup duration, application usage metering, browser performance, web app metrics, and Citrix insights. All these varied aspects of system performance and reliability are smartly brought together in the Experience Score dashboard.
uberAgent ESA excels with a sophisticated Threat Detection Engine, endpoint security & compliance rating, the uAQL query language, detection of risky activity, DNS query monitoring, hash calculation, registry monitoring, and Authenticode signature verification. uberAgent ESA comes with Sysmon and Sigma rule converters, a graphical rule editor, and uses a simple yet powerful query language instead of XML.
About vast limits
vast limits GmbH is the company behind uberAgent, the innovative digital employee experience monitoring and endpoint security analytics product. vast limits’ customer list includes organizations from industries like finance, healthcare, professional services, and education, ranging from medium-sized businesses to global enterprises. vast limits’ network of qualified solution partners ensures best-in-class service and support anywhere in the world.