Edge Encryption diagnostics and performance

Monitor Edge Encryption proxy server performance trends and drill into errors generated by the Edge Encryption proxy server.

Edge proxy performance

View key Edge Encryption proxy server performance trends using the Edge Proxy graph set on the ServiceNow Performance homepage. Monitored trends include:

  • Maximum and average response times between the client, proxy server, and instance.
  • CPU, disk space, and memory usage of the host machine.
  • Maximum and average network latency between the proxy server and the ServiceNow instance.
Note: Edge Encryption proxy servers with duplicate names do not report performance trends.

Example of the ServiceNow Performance homepage displaying the Edge Proxy graph.

Edge Processing (Max and Average)

Maximum and average time in milliseconds to process a request. These data points are general trends over time.

  • Total Time: Time for the proxy server to receive a request from a client and send a response. This data point is the sum of the subsequent data points.
  • Proxy Response: Time for the proxy server to process a response from the instance.
  • Proxy-Instance Round Trip: Time for the proxy server to send a request to the instance and receive a response. Includes network latency between the proxy server and the instance and time spent by the instance to process the request.
  • Rules: Time for the proxy server to evaluate a request using defined encryption rules.
  • Proxy Request: Time for the proxy server to process a client request and forward it to the instance.
Edge Proxy Performance (Max and Average)

Maximum and average percentage of resources used on the host machine.

  • CPU Usage
  • Memory Usage
  • Disk Usage
Edge Proxy Latency
Maximum and average network latency in milliseconds at a given point in time. Latency is determined by round-trip time for a proxy server to send a simple ping to the instance and receive a response.

Proxy Error Reports

Navigate to Edge Encryption Configuration > Diagnostics and Troubleshooting > Proxy Error Reports to view all proxy server errors collected over the past seven days.

Example Proxy Error Report displaying common error codes.

Errors are collected over a one-minute period. Each minute, an error report is generated. The vertical axis displays the number of error reports over the last seven days that include each error. For example, even if the DEFAULT_ERROR_CODE error is thrown multiple times over a one-minute report period, the DEFAULT_ERROR_CODE bar will only reach one on the Number of Error Reports axis.

From this view, you can:

  • Click each proxy error code bar to see the report on a single error for each proxy server. From this view, you can click the bar again to view the error text in the Edge Encryption Proxy Stat table [edge_encryption_stat]. Follow links in the error text to see more information and possible remediation steps.
  • Click Other to see page two of the error report.
Note: If you have more than one proxy server with the same name, a single DUPLICATE_PROXY_NAME error appears in the Proxy Error Report. No other errors are reported for proxy servers with duplicate names. If you encounter this error, make sure that all proxy servers have unique names.

Additional monitoring resources

The instance tracks all encryption proxies. Each Edge Encryption proxy server registers when it starts up. The instance is notified when:
  • A new Edge Encryption proxy server starts up.
  • An Edge Encryption proxy server is intentionally shut down.

If an Edge Encryption proxy server attempts to register with an instance that does not have Edge Encryption installed, the proxy does not start.

All encryption configuration files are audited. Deleted records are audited on all encryption configuration files. Audit records are put in the sys_audit table. To view the history of a specific configuration record, view the record, and click History > List in the menu. The Mass Encryption Job is not audited.

Use the following additional resources to monitor you proxy servers.

Table Description
Invalid Insert Attempts

[sys_edge_encryption_invalid_insert_log]

List of attempts to save the following data to encrypted fields:
  • Unencrypted data.
  • Data that did not come from an Edge Encryption proxy.

The instance rejects and then logs any attempts to save this data. If you have the security-admin role, you can view the logs in the Invalid Insert Attempts list.

Job Failures

[sys_encryption_job_execution]

A list of jobs that did not execute successfully.
System logs The instance periodically checks for messages from each registered proxy server. If a proxy server has not sent a message in the required time frame, an error is logged. The log message contains information about the encryption proxy and the last time the proxy pinged the instance. If the instance determines that none of the encryption proxies are online, it logs a message. These messages are added to the system log.

Disable or reduce Edge Proxy statistic collection

Prevent the Edge Encryption proxy server from sending Edge Proxy Graph Set statistics to the ServiceNow Performance homepage, or reduce the frequency of statistic collection.

Before you begin

Role required: admin or security_admin

About this task

By adding properties in the edgeencryption.properties configuration file, you can:
  • Disable the Edge Proxy graph set.
  • Change the interval during which statistics are collected by the Edge Encryption proxy server. By default, statistics are collected every 30 seconds.

Procedure

  1. In your proxy server installation directory, open the edgeencryption.properties configuration file located in the <installation directory>/conf/ folder.
  2. Add one of the following properties.
    Property Description
    edgeencryption.stat.collection.enabled

    Enables the collection of statistics used by the Edge Encryption proxy server performance dashboard.

    • Default value: true

    Add this property and set the value to false to disable the collection of statistics used by the Edge Encryption proxy server performance dashboard. After adding proxy server performance properties, you must restart the proxy server for the change to take effect.

    edgeencryption.stat.collection.interval Interval length in seconds during which the Edge Encryption proxy server collects statistics. The value cannot be less than 30 seconds.
    • Default value: 30

    After adding proxy server performance properties, you must restart the proxy server for the change to take effect.

  3. Restart the proxy server.