Varonis Best Practices


Overview

Varonis provides a suite of security-related software that helps customers analyze and protect their data. Their software is capable of gathering metadata and data from multiple sources, including file servers, Microsoft Exchange, Microsoft SharePoint, and Active Directory. The software combines all of these streams of data to perform user behavior analytics and report on and prevent malicious activity.

This document discusses the deployment considerations and the best practices around them as they relate to the Varonis DatAdvantage and Data Classification Engine (DCE) use cases, when paired with the Nasuni cloud-based file architecture.

Important: If using external auditing (such as Varonis), open port 5671 outbound from the Edge Appliance to the configured audit endpoint. Port 5671 is used for AMQP with SSL. Nasuni does not support AMQP without SSL.

Introduction to Varonis

The Varonis suite consists of three main products: DatAdvantage, Data Classification Engine, and DatAlert. Additional products include DatAnswers and DataPrivilege.

DatAdvantage

DatAdvantage is the heart of the Varonis Data Security Platform, providing complete visibility and control over critical data and hybrid IT infrastructure. DatAdvantage includes the following features:

  • Performs a file walk by scanning metadata to map who can access data and who does access data across file and email systems.

  • Shows where users have too much access.

  • Safely automates changes to access control lists and security groups.

Data Classification Engine

The Data Classification Engine (DCE) performs sensitive data discovery on unstructured data. Pre-built or customer-designed rules are used to identify personal information, such as credit card numbers or social security numbers, financial records, and regulated data (GDPR, HIPAA, PHI, PCI, etc.), so that appropriate actions can be taken to properly secure the data. DCE performs regular scans of the content of files and compares the content against the list of rules that customers have enabled.

DatAnswers

DatAnswers provides search capabilities for compliance and e-Discovery workloads. It is focused on helping enterprises fulfill data subject access requests to meet regulatory requirements, including those imposed by the GDPR. DatAnswers allows you to identify what data you have about a subject and who has access to it. It leverages the metadata and data scanning performed by DatAdvantage and DCE. DatAnswers’s focus on compliance workloads means that it is not a suitable solution for a general-purpose search of unstructured data.

Varonis Support for Nasuni

Varonis SaaS Solution

In May 2023, Varonis introduced its SaaS (Software-as-a-Service) Data Security Platform, transitioning from a traditional on-premises model to a fully cloud-native solution. The new platform incorporates essential features such as least privilege automation, data classification, and integrations with cloud platforms like Nasuni, Microsoft, Amazon Web Services, Google, Salesforce, Box, and GitHub. It provides real-time visibility, data classification, automated remediation, and cross-cloud threat detection. This cloud-based approach supports rapid deployment, reduces total cost of ownership, and enables proactive incident response.

For more details, see Varonis in the Cloud.

Architecture

A typical Varonis deployment consists of a central Data Security Platform (DSP) or Intelligent Data Use (IDU) server, which can either directly monitor other systems or to which one or more Collectors are connected. These Collectors are used to monitor other systems and forward events back to the DSP/IDU server. In a Nasuni environment, a dedicated Collector is deployed next to a dedicated Edge Appliance. This Collector performs regular scans of one or more volumes via the dedicated Edge Appliance. The nature of these scans depends on which Varonis products are in use. In the case of DatAdvantage, the Collector gathers only metadata about the filesystem. If DCE is being used, the Collector also scans file content.

The Collector gathers audit events from the other Edge Appliances connected to the monitored volumes. This is accomplished via the Advanced Message Queueing Protocol (AMQP). Varonis configures the AMQP destination parameters and audit policy on each Edge Appliance. The Edge Appliances then connect to the Collector via AMQPS (TLS/SSL encrypted AMQP over TCP port 5671) and send audit events to the Collector. The Collector performs initial processing of the events and then submits them to the DSP/IDU server. Therefore, the Edge Appliances must be able to resolve the name of the Collector and be allowed to make connections to TCP port 5671 on the Collector.

NMC API

In version 8.5 of the Varonis software, the configuration of the AMQP destination and audit policy is handled via the NMC API. This simplifies the deployment process compared to what was required with Varonis version 7.x (API keys created for each NEA). With the NMC API, Varonis can also trigger bring-into-cache operations, control metadata pinning, and detect when volumes are connected to new Edge Appliances.

An NMC user with access to the API must be created and added to the Varonis software. To configure the Varonis software, this user must have the “Enable NMC API Access” permission. In addition, the user must have either:

  • The “Manage Volume Settings (Can't add/delete)” permission

  • Or the “Manage all aspects of the Filer (super user)” permission.

This user must also have access to any Nasuni Edge Appliances being monitored by Varonis via the appropriate “Filer Access” settings.

These permissions should be applied to all NEAs that are to be monitored with Varonis.

See Nasuni Management Console Guide for more details about configuring users and groups and the API.

Network Considerations

The Varonis Data Security Platform server must be able to communicate with the NMC via TCP port 443.

Increasing the allocated bandwidth substantially reduces the overall duration of Filewalk and DCE scans. However, it is important to note that, with Varonis's on-premises deployment model (utilizing an on-premises object store), scaling could remain a bottleneck compared to the cloud deployment model, which offers greater scalability.

DCE over multiple collectors support (On-premises Data Security Platform Only)

DCE over multiple Varonis collectors is supported for customer use cases where Filewalk and DCE scan performance is impacted.

This model allows customers to deploy additional Nasuni Edge Appliances and Varonis Collectors so that workloads are distributed across multiple Varonis Collectors. This use case is evaluated on a case-by-case basis through a collaborative review by the Nasuni and Varonis Product Management teams.

The following provides a high-level architectural model illustrating how this can be implemented in a customer environment, along with key deployment considerations.

  • This use case might require additional NEAs to be deployed in the customer environment.

  • This use case might require additional Varonis Collectors to be deployed in the customer environment.

  • This use case might incur additional operational costs to the customer.

If you need assistance, reach out to your Nasuni Technical Account Manager and Varonis Support.

Concurrent scanning of volumes

Customers using the Varonis SaaS solution might be able to leverage this feature. However, in the on-premises Varonis Data Security Platform version 8.6, customers can continue to add multiple volumes, but the volumes are not scanned concurrently.

For more information, contact Varonis Support.

Limitations

On-premises

In on-premises situations, the scan is executed against a single volume at a time, with a default configuration of 10-20 threads.

SaaS

In SaaS, the scan covers the entire NEA in parallel, including all configured or monitored volumes. Note that the number of threads is still limited to 10-20 threads per volume. Additionally, Varonis limits the total number of threads to 100 across the entire NEA (all volumes).

Deployment

Typically, Nasuni Edge Appliances are deployed at the edge to provide end users with high-performance access for their actively used data. Since the Nasuni UniFS® global file system stores the main copy of all files and metadata in private or public cloud object storage platforms, special considerations are necessary for use cases that require scanning that content.

Nasuni strongly recommends deploying a dedicated Nasuni Edge Appliance with which the Varonis Collector interacts. By deploying a dedicated Nasuni Edge Appliance along with a Varonis Collector local to the region where the main copy resides, the need for transferring the entire data set across a wide area network to the edge is eliminated. This reduces the duration of scans as needed by the Varonis DatAdvantage and Data Classification Engine use case. This architecture also minimizes any egress fees charged by the public cloud provider because the data transfer between the Nasuni Edge Appliance and the Varonis Collector occurs within the same region. Using a dedicated Nasuni Edge Appliance also allows the Varonis administrator to run scans during normal business hours without fear of impacting end-user performance.

Using Varonis with Nasuni Access Anywhere Add-on service

The Nasuni Access Anywhere (NAA) Add-on service does not require additional configuration on the Varonis platform. From a high level, NAA connects to the Nasuni Edge Appliance via the SMB protocol. The Varonis “Data Security Platform” collector receives the audit events from the Nasuni Edge Appliance that the Nasuni Access Anywhere connects to.

Performance

Filewalk and DCE Scan

  • To achieve optimal performance, customers are advised to upgrade their network environment for both NEA and Varonis DSP deployments to a 10Gbps network bandwidth.

  • For maximum performance in metadata object downloads, it is recommended to maximize NEA RAM capacity to 128GB (based on a Nasuni Large build). This configuration enables the most efficient Filewalk operation and significantly boosts the overall Filewalk scan rate.

    The graph below illustrates the Filewalk scan rate for a Nasuni Large build operating on a 10Gbps network connection.
     
    Filewalk scan rate

  • Additionally, increasing the Varonis buffer configuration, in combination with a 10Gbps network connection, has demonstrated substantial improvements in the DCE scan rate for on-premises deployments.

    The graph below illustrates the daily increase in data processing capacity (increase per day GB) achieved with the additional buffer configuration during a DCE scan.

Note: This configuration is done at your own risk. It is strongly advised to consult Varonis support before making any changes.

Varonis default queue size per file server: 500 (changed to 1500)

Varonis default total buffer size: 20000 (changed to 30000)

Preventing DCE Scan idles

  • Increasing the frequency of the Varonis 'Collector DCE and DW Send Workload' has shown a performance improvement in data scans. Running it more frequently might also prevent DCE scan idles. Contact Varonis Support for further assistance.

Directory Listing Performance (applicable to DCE scan use cases)

  • Nasuni's directory listing performance shows a significant improvement in scan rate. This feature is enabled by default in NEA version 10. For older versions, it can be manually activated by raising a support request to Nasuni.

    • Nasuni customers using versions older than the current GA can also benefit from improved directory listing performance, especially when dealing with folders containing tens of thousands of items.

    • Note that it is also imperative to ensure that no changes are being propagated to the Primary NEA that Varonis is scanning. This is to prevent additional workloads from impacting the overall duration of the scan. For guidance, consult Nasuni support.

Dense Volumes

A dense volume is a Nasuni storage volume containing a high concentration of files, data, or metadata. To maintain an optimal Varonis scan rate and avoid slow scans, distributing workloads evenly across multiple filers is often necessary and is Nasuni's recommended approach.

Several factors contribute to this density, including:

  • Number of Files – A high file count, especially with many small files, increases the overhead for scanning, indexing, and processing.

  • File Size Distribution – A large number of small files can cause fragmentation and higher metadata overhead, slowing down scanning processes.

  • File System Metadata – A high number of access control lists (ACLs), extended attributes, and file properties can increase scanning time.

  • Directory Structure – Deep or highly nested directories require more operations to traverse, impacting performance.

According to Varonis, for optimal performance when monitoring individual volumes that contain at least 3 million directories, these monitored volumes should be split as evenly as possible between 2 dedicated Nasuni appliances.

Speak to Varonis Support for further guidance and recommendations.

Snapshot Directory Access

Nasuni recommends disabling Snapshot Directory Access (access to the .snapshot directory) when using external auditing services, as enabling it can impact scan rate performance.

Incremental scans

For customers using Varonis SaaS, the incremental FileWalk scan is designed to run four times per hour, which may increase the workload on the dedicated Nasuni appliance. The density of Nasuni volumes also affects the scan rate, so Nasuni recommends distributing the workload across multiple filers. For specific recommendations, contact Varonis support.

Volume limit

Dedicated Nasuni Filers with more than eight volumes may encounter performance bottlenecks during scanning. To sustain an optimal scan rate and minimize slow performance, distributing workloads across multiple filers evenly is often necessary, and is the overall Nasuni recommendation.

This strategy helps optimize resource utilization, alleviate CPU and I/O congestion, and enhance overall scanning performance. Additionally, factors such as file size distribution, metadata complexity, and network throughput should be considered when determining the ideal workload distribution strategy.

Speak to Nasuni and Varonis support for guidance.

Bring into cache API calls

Depending on the use case, disabling bring into cache API calls on dense volumes can provide significant scan rate improvement. This is reviewed on a case-by-case basis. Speak to Varonis Support for a recommendation.

Varonis Collector recommended timeout configurations

Application layer timeout

  • As a best practice and preventative measure, the following Varonis RabbitMQ configuration parameters should be considered for high-latency environments, that is, where the network latency between the NEA and the Varonis Collector exceeds 250ms. These settings help ensure that the AMQP connection between the NEA and the Varonis Collector remains established even in a very high-latency environment. You should always consult with Varonis Support before making changes to your environment.

Varonis Native RabbitMQ Configuration Adjusted Parameters

{handshake_timeout,300000},

{ssl_handshake_timeout,300000},

{tcp_listen_options, [{keepalive, true}]}

Transmission Control Protocol (TCP) layer timeout

  • Additionally, as a best practice and preventative measure, adjusting the KeepAliveTime timeout parameter ensures that the TCP connection between NEA and Varonis Collector remains open if latency exceeds 250ms. This ensures event messages are received successfully.

Varonis Server Keep Alive Timeout

TCP KeepAliveTime parameter should be set to 900s / 15mins

  • The KeepAliveTime parameter can be defined in the following registry location, where you can create it as a new parameter:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters

Common timeout errors

  • The following shows examples of the TCP and SSL/TLS handshake error messages seen in a high-latency environment, which the above timeout parameters might prevent.

vhost: 'nasuni', user: 'NasuniOwner'): client unexpectedly closed TCP connection

closing AMQP connection <0.4786.8> (<Source_Client_IP>:56840 -> <Server_Destination_IP>:5671): {handshake_timeout,handshake}
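As an added example (not part of the Nasuni or Varonis documentation), the following Python script tallies the two closure messages shown above per source address, so that an Edge Appliance at a high-latency site with repeated handshake timeouts stands out. The log text is constructed, and the two-line message layout and the review threshold of three are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log, modelled on the two messages quoted above.
# Addresses are documentation ranges; pids and ports are invented.
# Assumption: the reason may follow on the next line, so both layouts appear.
SAMPLE_LOG = """\
closing AMQP connection <0.4786.8> (192.0.2.10:56840 -> 198.51.100.5:5671): {handshake_timeout,handshake}
closing AMQP connection <0.4790.8> (192.0.2.10:56911 -> 198.51.100.5:5671):
{handshake_timeout,handshake}
closing AMQP connection <0.4801.8> (192.0.2.10:57002 -> 198.51.100.5:5671, vhost: 'nasuni', user: 'NasuniOwner'): client unexpectedly closed TCP connection
closing AMQP connection <0.4810.8> (192.0.2.77:40110 -> 198.51.100.5:5671, vhost: 'nasuni', user: 'NasuniOwner'):
client unexpectedly closed TCP connection
closing AMQP connection <0.4822.8> (192.0.2.10:57140 -> 198.51.100.5:5671): {handshake_timeout,handshake}
accepting AMQP connection <0.4830.8> (192.0.2.77:40155 -> 198.51.100.5:5671)
"""

CLOSE_RE = re.compile(
    r"closing AMQP connection <[\d.]+> "
    r"\((?P<src>\S+):(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>\d+)"
    # vhost/user are only present once the client has authenticated.
    r"(?:, vhost: '(?P<vhost>[^']*)', user: '(?P<user>[^']*)')?\):"
    # Reason on the same or the next line, but never swallow a following entry.
    r"\s*(?P<reason>(?![^\n]*AMQP connection <)[^\n]*)"
)


def classify(reason):
    """Map the free-text close reason to one of the cases shown on the page."""
    if reason.startswith("{handshake_timeout"):
        return "handshake_timeout"
    if reason.startswith("client unexpectedly closed TCP connection"):
        return "client_closed"
    return "other"


def parse_closures(text):
    """Return one dict per 'closing AMQP connection' entry found in text."""
    events = []
    for m in CLOSE_RE.finditer(text):
        reason = m["reason"].strip()
        events.append({
            "src": m["src"], "src_port": int(m["sport"]),
            "dst": m["dst"], "dst_port": int(m["dport"]),
            "vhost": m["vhost"], "user": m["user"],
            "kind": classify(reason), "reason": reason,
        })
    return events


def summarise(events, min_timeouts=3):
    """Count closure kinds per source address.

    review_timeouts is True when a source has at least min_timeouts
    handshake timeouts (hypothetical threshold), i.e. it is a candidate
    for the timeout settings discussed above.
    """
    per_src = defaultdict(Counter)
    for ev in events:
        per_src[ev["src"]][ev["kind"]] += 1
    return {
        src: {
            "handshake_timeout": counts["handshake_timeout"],
            "client_closed": counts["client_closed"],
            "other": counts["other"],
            "review_timeouts": counts["handshake_timeout"] >= min_timeouts,
        }
        for src, counts in per_src.items()
    }


if __name__ == "__main__":
    for src, row in summarise(parse_closures(SAMPLE_LOG)).items():
        print(src, row)
```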

Considerations

Using visible shares

Before the initial scan of a Nasuni volume by Varonis DatAdvantage, ensure that all SMB (CIFS) shares to be scanned are visible. Use the Edge Appliance UI or the NMC to edit each share and ensure that "Visible Share" is checked. After the initial scan, you can uncheck "Visible Share" for each share.

Nasuni Filer and Varonis Collector ratio

Traditionally, siloed NAS architectures required a one-to-one relationship between the NAS device and a Varonis Collector in order to avoid inefficient scans across wide area networks.

The Nasuni UniFS® global file system eliminates the need to deploy a Varonis Collector along with every Nasuni Edge Appliance since changes to data on volumes that are shared across Nasuni Edge Appliances are propagated to all connected appliances.

In addition, every Nasuni Edge Appliance is capable of sending file system audit events via the Nasuni Auditing API back to the dedicated Varonis Collector. Varonis analyzes these audit events. If a threat is detected, Varonis generates administrative alerts and takes proactive actions to lock down data or users. The Varonis Data Security Platform can also use these audit events to identify which files and folders have been modified and perform incremental scans of just those items. See the Nasuni Management Console Guide for details about configuring file system auditing.

Public Cloud Networking

The Nasuni Edge Appliance and Varonis Collector virtual machines require connectivity to infrastructure resources. Both the Edge Appliance and Collector require access to Active Directory domain controllers. The Collector requires access to the Varonis DSP server. If these infrastructure resources are deployed solely on-premises, then a trusted network path, in the form of a VPN or direct connection, must be created between the public cloud and your data centers. Alternatively, infrastructure resources that already exist in the public cloud can be used by the Edge Appliance and the Collector.

Multi-Region Deployments

When data is hosted across multiple cloud service provider regions, it is recommended that a dedicated Nasuni Edge Appliance and Varonis Collector be deployed in each region. This ensures the best performance because the Nasuni and Varonis VMs are close to the data. It also minimizes egress fees. In addition, this arrangement addresses data sovereignty concerns, such as those of the European Union’s General Data Protection Regulation (GDPR), by ensuring that content scanning happens within a particular region.

In a multi-region scenario that does not involve data sovereignty concerns, and where cost takes precedence over scan duration, it can be more cost-effective to use a single Nasuni Edge Appliance and Varonis Collector pair to scan multiple volumes/regions. Each cloud service provider has different costs associated with data transfers. Consideration should be given to how much data is scanned by Varonis and, thus, how much data traverses the cloud service provider’s network. In the case of Varonis DatAdvantage, which only involves the scanning of metadata, egress fees are almost always less than the cost of deploying multiple VMs in each region. However, when Varonis Data Classification Engine is used, significantly more data is involved in each scan. The major cloud service providers offer cost calculators that can be used to determine the break-even point for data being scanned across regions vs. the cost of deploying additional VMs.

Network Architecture

In a multi-region deployment, the Edge Appliances and Collectors in each region need to be able to communicate with Active Directory domain controllers and the Varonis DSP server. This communication can be routed across region-specific secure connections between a regional office and the cloud service provider, or across the cloud service provider’s backbone to a shared secure connection at a single customer location.

Using region-specific secure connections for trusted traffic

Using a cloud service provider backbone to a central secure connection for trusted traffic

The specific network configurations for each scenario vary depending on the cloud service provider. Consult your provider’s documentation for the latest deployment guidance.

Important: Open port 5671 outbound from the Edge Appliance to the configured Varonis Collector.

Port 5671 is used for AMQP with SSL. Nasuni does not support AMQP without SSL.

Subsequent Varonis DatAdvantage Scans

After the initial scan of the Nasuni volume, it is recommended that DatAdvantage be configured to perform incremental FileWalk scans rather than use the default 24-hour full-scan frequency. The incremental scans rely on the stream of audit events from the Nasuni Edge Appliances to identify new data to scan. FileWalk also performs weekly full scans.

Specifying an incremental scan after the initial scan.

While the bulk of the metadata for the volume is already resident in the cache due to the initial “Bring into Cache” procedure, any new metadata must be downloaded to the cache by the Nasuni Edge Appliance as DatAdvantage requires it. The amount of new metadata to download to the cache depends on how much data changes and how frequently the data changes in the volume being scanned.

Note: Nasuni reports data capacity in terabytes, where 1 terabyte (TB) equals 1,000,000,000,000 bytes. Varonis DatAdvantage reports data capacity in tebibytes, where 1 tebibyte (TiB) equals 1,099,511,627,776 bytes.

Data Classification Engine (DCE) Scans

Unlike the FileWalk process, which only scans metadata, DCE scans the contents of files in order to identify sensitive information. DCE receives a list of work to do from the FileWalk process. It copies the relevant files from the Nasuni Edge Appliance to the Varonis Collector, and then analyzes them, based on a set of discovery rules configured by the Varonis administrator. If a change is made to the rules that define the sensitive information, DCE might rescan the data. This can happen due to an update to the ruleset provided by Varonis, or due to a configuration change made to the ruleset by the Varonis administrator.

To accommodate the scanning of data, careful consideration must be given to the amount of data to scan. Ideally, the cache of the Nasuni Edge Appliance should be large enough to contain the dataset that DCE is scanning, in addition to any space necessary for the cache to perform its other tasks. As an example, a 40 TB volume might only have 2 TB of data to scan. In this case, the cache of the Nasuni Edge Appliance should include 3 TB for this scanning task, in addition to any space necessary for the cache to perform its other tasks. This would allow the DCE dataset to remain in the cache, with some allowance for future growth.

Increasing the default number of threads used by DCE to perform scans improves the speed of the DCE scans. Contact Varonis Support for assistance with increasing the thread count for DCE.

Regular scans performed by DCE ensure that the data remains resident in the cache, so it is not necessary to pin specific data to the cache.

Enable “Auto Cache” for the volume, in order to proactively load as much new data created by other Nasuni Edge Appliances as possible.

It might not be possible or practical to specify a cache large enough to contain the entire dataset to be scanned. For example, policy requirements might specify that the entire volume must be scanned by DCE. In such cases, it is critical that the Nasuni Edge Appliance be located as close as possible to the cloud storage provider. This helps to ensure that adequate bandwidth is available for downloading large amounts of data from the object store into the Nasuni Edge Appliance’s cache, as needed. In this scenario, a DCE scan takes additional time to complete, because the Nasuni Edge Appliance must bring required data into the cache, and also evict already-scanned data from the cache to make room for more data, before DCE can perform the specified scans. This frequent rolling-over of the contents of the Nasuni Edge Appliance’s cache would have a negative impact on the end-user experience, further emphasizing the need for a dedicated Nasuni Edge Appliance.

Reserved Instances

Public cloud providers might offer special pricing for reserved instances of virtual machines. This special pricing can provide considerable cost savings over the life of a virtual machine. Consult your cloud provider’s product offering for information about purchasing reserved instances for the dedicated Nasuni Edge Appliance and Varonis Collector.

Varonis 8.6 and above

Note: Varonis has announced the EOL date for Varonis version 8.5 as Q4 2024. At this point, the product is no longer supported or maintained, and customers are advised to upgrade to Varonis version 8.6.

Run DatAdvantage after metadata is pulled into cache

Before the initial scan of a Nasuni volume by Varonis DatAdvantage, ensure that metadata for the volume has been pulled into the cache completely by using the Nasuni File Browser. After the initial scan, metadata changes are minimal, and follow-on scans can automatically trigger the download of the incremental changes.

To bring metadata into the cache, follow these steps:

  1. Log into the Nasuni Management Console (NMC).

  2. Click Volumes.

  3. Click File Browser in the left-hand column.

  4. From the Volume drop-down list, select the volume to scan.

  5. From the Filer drop-down list, select the Nasuni Edge Appliance closest to the Varonis Collector.

  6. In the Version drop-down list, ensure that “Current Version” is selected.

  7. In the Volume Actions area, click “Bring into Cache”. The “Bring Volume Into Cache” dialog box appears.

  8. Select “Bring Metadata Only”.

    Important: If you do not select “Bring Metadata Only”, the Nasuni Edge Appliance starts downloading all of the data on the volume into the cache.

  9. Click “Start Transfer”. This begins the process of copying metadata into the local cache of the Nasuni Edge Appliance.

  10. Monitor the Notifications on the NMC for messages indicating that metadata is being brought into cache and that the job is complete. The message is of the form, “Metadata for entire volume <volume_name> has been successfully brought into cache.”

    Important: This message indicates that the Nasuni Edge Appliance has finished downloading the metadata associated with the volume. However, it is possible that some directories might have been skipped. Nasuni Support can review system logs to determine whether any directories have been skipped.

Connecting a Volume to a New Edge Appliance

After initially configuring Varonis to monitor your volumes, if you connect a monitored volume to a new Edge Appliance, you must configure the new Edge Appliance to send audit events to Varonis. For assistance with updating the configuration, contact Varonis Support.

Note: When a filer is monitored by Varonis, this overrides any audit event types that the customer had previously selected. Reverting these changes is not advisable, as it can lead to the loss of audit events, and reverting to the default configuration completely breaks the Varonis integration. All audit events are sent to Varonis except for Close & Metadata, and this is configured externally by Varonis. Speak to Varonis Support for guidance.

Obtaining Nasuni API Access key

For Varonis versions after 8.5, the configuration of the AMQP destination and audit policy is managed using the NMC API.

Procedure using Nasuni Edge Appliance UI (Varonis versions before 8.5)

To obtain an API Access Key and Passcode, follow these steps:

  1. On the Nasuni Edge Appliance, click Configuration and select API Access Keys from the drop-down menu. The API Access Keys page appears.

  2. Click Add API Key. The Add API Key dialog box appears.

  3. In the Name text box, enter a name for this API key. Use a name that is meaningful to you, such as “varoniskey”.

  4. Click Create Key. The Nasuni Edge Appliance generates a Key Passcode for this key. The Successfully Generated API Key dialog box appears.

  5. Copy and store the Key Passcode.

  6. Click Close.

  7. The new key appears in the API Access Keys list.

  8. To regenerate the Key Passcode, click Update.

  9. To delete this key, click Delete.

Procedure using Nasuni Management Console (NMC) (Varonis versions before 8.5)

To obtain an API Access Key and Passcode, follow these steps:

  1. Click Filers and select API Keys from the menu on the left. The Filer API Access Key Settings page appears.

  2. Click New API Key. The Add API Access Key dialog box appears.

  3. From the Filer drop-down list, select the Nasuni Edge Appliance.

  4. In the Name text box, enter a name for this API key. Use a name that is meaningful to you, such as “varonis_key”.

  5. Click Add API Key. The Nasuni Edge Appliance generates a Key Passcode for this key. A message appears that includes the Key Passcode.

  6. Copy and store the Key Passcode.

  7. The new key appears in the API Access Keys list.

  8. To regenerate the Key Passcode, click Edit.

  9. To delete this key, click Delete Key.

Nasuni Virtual Resource Recommendations

The following specifications represent the minimum recommended requirements for optimizing the performance of the virtual Nasuni Edge Appliance when used with Varonis DatAdvantage and Varonis DCE. While customers might initially choose to deploy with lower specifications, this can result in slower Varonis scanning performance. Increasing resources beyond these minimums can improve scan times.

Speak to Nasuni Support for guidance.

Nasuni Virtual Filer

When using with DatAdvantage:

  • 8 vCPUs

  • 32 GiB Memory

  • 1 TiB Cache (SSD) providing at least 5000 IOPS

  • 256 GiB COW (SSD)

When using with DatAdvantage and DCE:

  • 16 vCPUs

  • 64 GiB Memory

  • 1 TiB Cache (SSD) providing at least 5000 IOPS

  • 256 GiB COW (SSD)

Varonis Virtual Collector

Refer to the Varonis configuration documentation for sizing guidance.

Known Issues

AMQP Connection Timeout

As agreed with Varonis, we have a supported workaround that mitigates an AMQP connection timeout in the event that the NEA is deployed far away from the Varonis Collector and there is more than 250ms of round-trip latency. This issue has now been addressed and resolved in NEA version 10 and the overall customer recommendation is to update when this becomes available. If updating is not a feasible option at the time, then customers that are running on the latest GA release should continue to use the Nasuni AMQP workaround in the interim until they are able to update to NEA version 10.

Contact the Nasuni Technical Account Team for more details.

Customer-Managed Certificate (Varonis SaaS only)

As of December 2024, there is a Varonis known issue with customers using certificates signed by a trusted Certificate Authority as a direct replacement for the self-signed (system-generated) certificate issued by Varonis.

If you encounter issues with the Nasuni TLS/SSL handshake while establishing an AMQP connection to the Varonis collector, the recommended workaround is to continue using the self-signed certificate.

According to Varonis, this is to be addressed as part of the Varonis SaaS version 15.0 release.

Technical Support

Online self-help resources and Technical Support are available at www.nasuni.com/support.