Optimizing cycle duration, scan windows, and subtasks for Enterprise Scanner
Background scanning jobs persist throughout a scan cycle, but are active only during open scan windows.
The efficiency of background scanning relies on carefully calibrating the following items:
vQuantity of IP addresses and assets to scan
vThe duration of the scan cycle
vThe size of subtasks and the size of the smallest scan window
Size of scan windows
You define scan windows for each day in multiples of hours. The shortest possible scan window is one hour; the longest is 24 hours.
Calibration considerations
If a subtask does not finish during a scanning window, one of the following events occur:
vIf another scan window is available during the same scan cycle, the subtask starts from the beginning and runs again in its entirety. The second subtask scans every asset in the subtask, including any that the previous subtask already scanned.
Important: Subtasks that carry over to another scan window during the same scan cycle always start from the beginning, repeating any scanning that occurred in that subtask before the scan window closed.
vIf no more scan windows are available during the scan cycle, the unscanned assets in the subtask, and any unscanned assets in the rest of the job, remain unscanned.
Important: New scan cycles always start from the beginning of the command job even if any tasks or subtasks from the previous scan cycle did not finish.
Discovery cycle duration
The duration of your discovery scan cycle will depend on how frequently you add or change the assets on your network.
vIf your network changes frequently, you should scan more frequently.
vIf your network is fairly stable, you can scan less frequently.
Assessment cycle duration
The duration of your assessment scan cycle will depend on how important it is for you to scan every asset during every scan cycle. Consider the following issues:
vIf you define a scan cycle for a group that contains critical assets only, it is probably important to your network security that you scan each asset during the cycle.
vIf you define a scan cycle for a group that contains assets with different levels of criticality, you might be less concerned if the scan cycle does not scan all the assets with lower criticality.
