Lansweeper, Large architecture for 120000 assets

thierry-ct · ‎10-18-2022

Hello,

Is there anyone using Lansweeper with 120,000 or more assets ?

If so, how is your architecture structured, a single database ? (what characteristics in number of CPU, memory etc.) for how many scanners ?

Is lansweeper able to support a load of more than 120,000 assets ?

thierry-ct · ‎10-28-2022

Hello

Good idea 'rom' for the range 'DO NOT SCAN', I created a range of this type for more than a hundred new sites. If it works it will save me from entering the credentials on all these IP ranges! 😉
I'll make a list of useful functions on Lanssweeper to pass on to support who can escalate to engineers.

Among other things, the possibility of managing the scopes and their characteristics by group would be really appreciable.

thierry-ct · ‎10-28-2022

Hello !

Thank you for the information.

Using Lansweeper on a large asset perimeter is complicated. Indeed, it is necessary to use a lot of scanner to distribute the load. The database has a fairly high-performance environment with 32GB of memory, fast disks and 8 CPUs.

Thanks 'rom' for the advice on Windows event tracking, I'll check that config point

I have hundreds of networks to scan, in this kind of situation the management of networks by group would be welcome to apply credentials or schedules rather than network by network. (configuring Lansweeper with many networks is like using an active directory without an OU)

rom · ‎10-28-2022

I found this unintentional super-nice feature back in the day: make an all encompassing subnet range in the config, and assign it all of the credentials you want. In the description of the range I put 'DO NOT SCAN' but it even turns the entry to a red font, and warns you anyways if someone happens to press 'scan'. Lansweeper remembers the credential that worked for an asset (at least I think it does) so it doesn't keep trying all of the credentials every time it scans an asset. For your VLANs to import, I took someone's excel conversion spreadsheet online that converted masks to ranges via excel formula, to put everything in the right format to import into lansweeper via GUI file import, because the IPAM didn't have an API. If it has an API, you can either have a DBA or data analytics person (or you) pull the data from IPAM API and insert the records into the database. The excel file you can mess around with to get IPAM or other IP subnet/range exports from, and convert, is here: http://trk.free.fr/ipcalc/

There are some things that Lansweeper doesn't do that enterprises need - at least out of the box that is. If you have a pain point along the way, email support - they will initially warn you that they don't support what you're trying to do, but if you tell them your situation and how it's a must to have it working, they generally will forward your request on to an engineer and they will provide you with a way (usually a SQL query to help you along the path). Each pain point from a large enterprise perspective, is very valuable knowledge for them, they always welcome it (at least the engineers).

rom · ‎10-27-2022

Having that many assets, especially if a lot of them are windows, you will want to turn off windows event log scanning, or at least limit it to 1 to 2 days. You will want to use MSSQL full version of some sort - if your teams will rely on it, or ITSM like ServiceNow, etc... you might want to consider an Always-On SQL cluster or something. Anyways, look over the database size articles as far as which tables grow large - many do not, but the event log history and a few other history tables surely do. You will need multiple scan servers.. a lot of them probably, as you set the number of simultaneous scans for windows and network items... so it will never catch up from the queue unless you segment off the load across multiple scan servers. Fortunately those are easy to get going. Definitely use IIS full version and not IIS Express. You will have to be creative when dealing with that many subnets, exclusions, etc just due to the sheer numbers - so what I do is run SSIS packages, or API to update/import from various other systems, like an IPAM system so you don't have to manually create or maintain all of those IP Locations, for example. Stuff like that is not supported, but it's a necessity - fortunately its MSSQL behind the scenes, so become best friends with a DBA and the sky's the limit.

OH. Make sure you have a dev/test environment/instance - it's covered/allowed in the License Agreement Terms, and it's a MUST due to the fact that some bugs pop up here and there with new versions, that can actually cripple a system that large if you're not careful. Make sure to do upgrades in test first, and test the agents, etc... and closely watch the forums and changelog page for Lansweeper.

Specs on SQL server isn't as high as you would think - I'd say like 4p4v if even that... and 32GB of RAM or so... but you will want to work with support/DBA to change the default location of the databases, which is on the C: drive. The installer sets up the database automagically. Scan servers don't take up much at all - standard 2p2v with 8GB of RAM and standard boot drive size. It's just a windows service. the main server depends on how many users will be accessing the website - but standard 2p2v with 16 to 32GB of RAM probably... and standard disk size.

Obi_1_Cinobi · ‎10-19-2022

Hello there!

We certainly have customers with equally large environments. The following KB article might already be a good read to get you started: https://www.lansweeper.com/knowledgebase/lansweeper-setup-recommendations/

You can contact our sales and customer success team through this page to get more personalized advice: https://www.lansweeper.com/pricing/

Lansweeper, Large architecture for 120000 assets

New to Lansweeper?

Try Lansweeper For Free