
Planning New Application Workloads Best Practice




Overview

When adding new applications or workflows that will mount cluster storage, it is a good idea to monitor the IO of these new workloads using a Monitored path, user or IP. This allows learning mode (Release 2.5.7 or later) to monitor the behavior of the new workload and customize settings for it.

When to use this process? 

If you are currently in enforcement mode with user lockout mode enabled, then you can follow this process when adding a new application or workload to your environment.

Requirements

  1. Release 2.5.7 or greater


Best Practice 

  1. Set up Monitoring
    1. This will monitor, detect, raise alerts and create snapshots to protect the workload, but it will not lock out the application.  Guide here.
      1. If your application uses a service account to access the storage with an AD user, configure a monitor only setting under the settings menu of the Ransomware Defender icon.  Enter the user as domain\username and save the configuration.
      2. If the application uses NFS, then add a host IP entry on the monitor only settings and save the configuration.
  2. Enable Learning mode
    1. This mode requires monitor mode to be enabled first, and then learning mode.  See the guide here.
  3. Wait several days with the workload running or until no warnings appear in the active events window of Ransomware Defender. Review the Flag as False positive tab and locate the service account or IP host from above steps.
    1. If no entry is found then the workload behavior is not going to be locked out.  You can choose to leave the monitor only setting for this user or IP host, or you can remove the monitor only setting and disable learning mode and monitor mode to return to enforcement mode.
    2. If there is an entry for this user or IP host, then monitor for another day to verify the multiplier value stays the same.  This means that the settings are correct to avoid any detections and lockouts for this workload.


© Superna LLC