Sensor Installation

When you install a Sensor, you have a choice to:

  • Install a Sensor on bare metal or your own virtual machine via a script you obtain from Fortra Cloud Email Protection. See Install a Sensor Via Script.
  • Install a Sensor via a downloadable pre-packaged, pre-configured virtual machine disk image (OVA). See Install a Sensor Via OVA.

General guidelines for on-prem sensor Installation / Upgrade:

  • Before upgrading, make sure to remove the sensor from the mail rotation. It is important to upgrade sensors one at a time to avoid any system-wide problems in case of unforeseen issues.

  • As a precautionary measure, create a VM snapshot before proceeding with the update.

  • To update the sensor, Click Update Now in the application window.

  • Once the update is complete, reintegrate the sensor back into the rotation.

  • Monitor the sensor's behavior and performance for a few days.

  • If no issues arise, you can proceed with upgrading the rest of the sensors. However, if any problems occur, remove the sensor from the mail rotation and open a support ticket.

Install additional Sensors

Because they are evaluating only individual message metadata, plus extracted attachments and URLs if enabled, and discarding the message body, Cloud Email Protection’s Sensors are highly efficient. Based on the number of inbound messages you plan to duplicate from your mail store/email gateways, you may want to configure additional Sensors for either redundancy or increased throughput.

How many Sensors do I need?

A single Sensor has a capacity to sustain throughput of about 1.6MB/sec (megabytes per second) with attachment and URL analysis enabled and about 20MB/sec with attachment and URL analysis disabled. At a minimum for non-hosted Sensors, a load balanced, dual Sensor configuration is strongly recommended in a production environment for redundancy.

To determine the number of Sensors you need if you are managing your own, you will need to collect data on the number of messages you process and the average size of those messages. The Threat Trends report (see Threat Trends Reports) shows you the number of messages processed per day.

Then it's just a matter of math. Let's say (to make the math easy) you process 864,000 message per day. That's 10 per second, on average. And, let's say, messages average 100KB in size, so you're looking at 1MB/sec. If you have attachment and URL analysis enabled, a Sensor can process about 1.6MB/sec, so about 16 message per second.

Here are a few examples:

Approximate message processing rates per Sensor.
Average Message Size Message Processing Rate Per Sensor, Attachment & URL Analysis
  Enabled Disabled
100KB 16 messages/sec 200 messages/sec
150KB 11 mesages/sec 133.3 messages/sec
250KB 6 messages/sec 80 messages/sec
1MB 1.6 messages/sec 20 messages/sec

Remember, this is maximum sustained capacity per Sensor. You will want to provisions Sensors so that you have enough for both message spikes and redundancy. These limits do have a built-in capacity for brief spikes in email traffic, but not sustained peaks higher then these limits.

Of course, messages are not processed at the same rate all day. For many organizations, more messages are received in the middle of the day than in the wee hours of the morning. Here's an example of messages received by a Sensor during a 24-hour period:

Example of messages processed by one Sensor during a 24-hour period.
Example of messages processed by one Sensor during a 24-hour period.

As you can see from this example, brief traffic spikes occur at random times all day long, but a sustained peak occurs around mid-morning. So in considering how many Sensors you need, or when to add additional Sensors, You'll also want to keep in mind:

  • How many messages you receive during peak periods.
  • How many messages you might receive in a temporary spike.
  • How much headroom, or buffer, you want to provide.

For example, based on your average message size, you might expect a Sensor to handle 10,000 message per hour over the course of a day, but between noon and 3pm, you expect 25,000 message per hour, while between midnight and 3am, you expect 1500 message per hour. You would want enough Sensors to handle the afternoon peak of 25,000 message per hour.

These numbers are, of course, very rough estimates. You should monitor your Sensors to see how close to capacity they are running.

NOTE: If a Sensor hits its capacity, it buffers messages and processes the messages in that buffer at its maximum possible throughput. No messages are discarded, but threat detection and enforcement could be slightly delayed.