Table of ContentsView in Frames

Roles of workloads involved in a performance incident

Performance Manager uses roles to identify the involvement of a workload in a performance incident. The roles include victims, bullies, and sharks. A user-defined workload can be a victim, bully, and shark at the same time.

The following table defines the workload roles:
Role Description
Victim A user-defined workload whose performance has decreased due to other workloads, called bullies, that are over-using a cluster component. Only user-defined workloads are identified as victims. Performance Manager identifies victim workloads based on their deviation in response time, where the actual response time, during an incident, has greatly increased from its expected range of response time.
Bully A user-defined or system-defined workload whose over-use of a cluster component has caused the performance of other workloads, called victims, to decrease. Performance Manager identifies bully workloads based on their deviation in usage of a cluster component, where the actual usage, during an incident, has greatly increased from its expected range of usage.
Shark A user-defined workload with the highest usage of a cluster component compared to all workloads involved in an incident. Performance Manager identifies shark workloads based on their usage of a cluster component during an incident.

Workloads on a cluster can share many of the cluster components, such as storage aggregates and the CPU for network and data processing. When a workload, such as a volume, increases its usage of a cluster component to the point that the component is unable to efficiently meet workload demands, the component is in contention. The workload that is over-using a cluster component is a bully. The other workloads that share those components, and whose performance is impacted by the bully, are the victims. Activity from system-defined workloads, such as deduplication or snapshots, can also escalate into "bullying."

When Performance Manager detects an incident, it identifies all workloads and cluster components involved, including the bully workloads that caused the incident, the cluster component that is in contention, and the victim workloads whose performance has decreased due to the increased activity of bully workloads.
Note: If Performance Manager is unable to identify the bully workloads, it only alerts on the victim workloads and the cluster component involved.

Performance Manager can identify workloads that are victims of bully workloads, and also identify when those same workloads become bully workloads. A workload can be a bully to itself. For example, a high performing workload that is being throttled by a policy group limit causes all workloads in the policy group to be throttled, including itself. A workload that is a bully or a victim in an ongoing performance incident might change its role or no longer be a participant in the incident. On the Volume Details page, in the Events List table, when the selected volume changes its participant role, the date and time of the role change is displayed.