jwilleke Honored Contributor.

20,000 + users Running on Windows - Anyone?


Looking to discover any implementations on the Windows Platform running
the IDV and DirXML Engine on Windows in larger deployments.

Would love to know of general or specific issues encountered within
performance and support.

Thanks
-jim


--
jwilleke
------------------------------------------------------------------------
jwilleke's Profile: https://forums.netiq.com/member.php?userid=401
View this thread: https://forums.netiq.com/showthread.php?t=53503

Knowledge Partner

Re: 20,000 + users Running on Windows - Anyone?

When you write 'windows' are you referring to a standalone system or a
microsoft active directory (MAD) environment? If the former, I've never
seen anybody do that, but you'd probably only be needing to worry about
subscriber channel stuff, and any limits would be those imposed by
microsoft (can a single system handle that many users, etc.). If the
latter, that's not terribly uncommon, and the only issues I've seen have
been problems with tools scaling on the MAD size; for example, are all
users in the same container? If so, loading AD Users and Computers may
take a while when going into that container; searching/filtering within
that tool becomes common.

Since IDM is focused on being event driven, even with polling for events
from MAD, there really isn't much to worry about as users increase other
than how many events those increased numbers of users cause as a whole per
period of time, and generally speaking that comes in the form of password
changes. 20,000 / 90 (day) is only 222-ish password changes per day,
which is nearly nothing.

Another possible concern is around groups and how the MAD interface lets
you retrieve their membership. If you have groups of all users and you
ever try to retrieve an entire group of all 20,000 users at once, I do not
know if the MAD size lets that happen yet. There used to be limits of
5,000 or 7,500 membership total, even when changing defaults. Normal
group membership changes (when configured properly) will send only what
changes one at a time, so you can handle any size of a group, but if you
want an entire group to come over to IDM at once that limitation may still
be in place. This usually only applies to an initial migration scenario,
vs. a day-to-day maintenance consideration.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
jwilleke Honored Contributor.

Re: 20,000 + users Running on Windows - Anyone?


Looking for "implementations on the Windows Platform running the IDV
and DirXML Engine" (which I assumed DirXML Engine implies using
eDirectory). So I guess in your terms more like a "member" server running
in Microsoft Active Directory environment running the IDV and DirXML
Engine with eDirectory.

Thanks
-jim


Knowledge Partner

Re: 20,000 + users Running on Windows - Anyone?

On Tue, 19 May 2015 12:04:01 +0000, jwilleke wrote:

> Looking for "implementations on the Windows Platform running the IDV
> and DirXML Engine" (which I assumed DirXML Engine implies using
> eDirectory). So I guess in your terms more like a "member" server running
> in Microsoft Active Directory environment running the IDV and DirXML
> Engine with eDirectory.


I'm not sure if this is still true, but it used to be that you'd get
slightly better performance on a member server vs. a DC. Windows used to
disable write caching on DCs. Maybe it still does, I don't know, I
haven't looked into that lately.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.microfocus.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
cpedersen Outstanding Contributor.

Re: 20,000 + users Running on Windows - Anyone?

On 5/19/15 2:04 PM, jwilleke wrote:
>
> Looking for "implementations on the Windows Platform running the IDV
> and DirXML Engine" (which I assumed DirXML Engine implies using
> eDirectory). So I guess in your terms more like a "member" server running
> in Microsoft Active Directory environment running the IDV and DirXML
> Engine with eDirectory.


20k users is not a problem.

The only thing is that Linux is easier to troubleshoot than Windows, and
also Linux scales better, and some things are way easier. Otherwise
there should be no problem in doing what you want.


Casper

Knowledge Partner

Re: 20,000 + users Running on Windows - Anyone?

On Tue, 19 May 2015 10:17:03 +0000, jwilleke wrote:

> Looking to discover any implementations on the Windows Platform running
> the IDV and DirXML Engine on Windows in larger deployments.
>
> Would love to know of general or specific issues encountered within
> performance and support.


My ID vault is split between three "servers", two Linux and one Windows.
The Linux "servers" are actually HA cluster nodes, though that doesn't
matter for this discussion. I don't know how many users that is, but it's
well above 20K. The IDM drivers are split between one of the Linux
servers and the Windows server. The other Linux server only holds replicas.

Really, no problems with this to report. It's been working fine for years
now, and I expect it'll continue to do so. Performance of NTFS isn't as
good as (insert your choice of Linux file systems here), but it's
acceptable in most cases, and you can crutch it with good hardware. My
only real complaints are that familiar Linux tools aren't available on
Windows, but you can mostly solve that with Cygwin or just learn to live
without.


--
David Gersic dgersic_@_niu.edu

Knowledge Partner

Re: 20,000 + users Running on Windows - Anyone?

David Gersic <dgersic@no-mx.forums.microfocus.com> wrote:
>
> Really, no problems with this to report. It's been working fine for years
> now, and I expect it'll continue to do so. Performance of NTFS isn't as
> good as (insert your choice of Linux file systems here), but it's
> acceptable in most cases, and you can crutch it with good hardware. My
> only real complaints are that familiar Linux tools aren't available on
> Windows, but you can mostly solve that with Cygwin or just learn to live
> without.
>


Same experience (one customer I have worked at had approx 20k) - performance
in general hasn't been a huge problem with such user counts. As Aaron said
it really is more about how many events are generated rather than number of
users.

you adjust tool-wise.
We run remote loaders, edir/idvault on windows

--
Alex McHugh - Knowledge Partner - Stavanger, Norway

Knowledge Partner

Re: 20,000 + users Running on Windows - Anyone?

On 5/19/2015 10:53 AM, Alex McHugh wrote:
> David Gersic <dgersic@no-mx.forums.microfocus.com> wrote:
>>
>> Really, no problems with this to report. It's been working fine for years
>> now, and I expect it'll continue to do so. Performance of NTFS isn't as
>> good as (insert your choice of Linux file systems here), but it's
>> acceptable in most cases, and you can crutch it with good hardware. My
>> only real complaints are that familiar Linux tools aren't available on
>> Windows, but you can mostly solve that with Cygwin or just learn to live
>> without.
>>

>
> Same experience (one customer I have worked at had approx 20k) - performance
> in general hasn't been a huge problem with such user counts. As Aaron said
> it really is more about how many events are generated rather than number of
> users.
>
> you adjust tool-wise.
> We run remote loaders, edir/idvault on windows


We found strange comms problems where eDir loses comms with other
replicas when the network drops. A swap to Linux and the issue went
away. Very odd.


Knowledge Partner

Re: 20,000 + users Running on Windows - Anyone?

On Tue, 19 May 2015 16:41:44 +0000, Geoffrey Carman wrote:

> On 5/19/2015 10:53 AM, Alex McHugh wrote:
>> David Gersic <dgersic@no-mx.forums.microfocus.com> wrote:
>>>
>>> Really, no problems with this to report. It's been working fine for
>>> years now, and I expect it'll continue to do so. Performance of NTFS
>>> isn't as good as (insert your choice of Linux file systems here), but
>>> it's acceptable in most cases, and you can crutch it with good
>>> hardware. My only real complaints are that familiar Linux tools aren't
>>> available on Windows, but you can mostly solve that with Cygwin or
>>> just learn to live without.
>>>
>>>

>> Same experience (one customer I have worked at had approx 20k) -
>> performance in general hasn't been a huge problem with such user
>> counts. As Aaron said it really is more about how many events are
>> generated rather than number of users.
>>
>> you adjust tool-wise.
>> We run remote loaders, edir/idvault on windows

>
> We found strange comms problems where eDir loses comms with other
> replicas when the network drops. A swap to Linux and the issue went
> away. Very odd.


So you're saying that eDir / Linux *continues* to communicate when the
network is not available? That'd be a nice trick to see. 😉

Seriously, I've not seen this happen here.


--
David Gersic dgersic_@_niu.edu

Knowledge Partner

Re: 20,000 + users Running on Windows - Anyone?


>> We found strange comms problems where eDir loses comms with other
>> replicas when the network drops. A swap to Linux and the issue went
>> away. Very odd.

>
> So you're saying that eDir / Linux *continues* to communicate when the
> network is not available? That'd be a nice trick to see. 😉


Hehe. Funny. More about when the network comes back, eDir just is not
listening on 524 anymore. Or at least not taking any incoming
connections on it. Very odd.


> Seriously, I've not seen this happen here.
>
>


Anonymous_User Absent Member.

Re: 20,000 + users Running on Windows - Anyone?

On 5/19/2015 6:17 AM, jwilleke wrote:
>
> Looking to discover any implementations on the Windows Platform running
> the IDV and DirXML Engine on Windows in larger deployments.
>
> Would love to know of general or specific issues encountered within
> performance and support.
>
> Thanks
> -jim
>
>

I've personally set up and configured an IDM system for nearly 250,000
users - and that was IDM 2 on Windows 2003! I'm currently working at a
customer site with 150k users in the IDV with over 30k highly active
(daily logins) and ~20 drivers including 2 AD drivers. All this is on
IDM 3.6.1 on 3 (IDV) Windows2008R2 32-bit servers (currently in the
process of migrating this over to IDM 4.5 on 64-bit Server2012). It all
depends on how it's built. I've seen Linux-based IDM systems brought to
their knees in a bad deployment and the same in Windows-based systems.
With current OSs I have practically zero concern over which platform to
run IDM on. This decision is much more around the customer's ability to
support the platform than anything. I'd consider it a huge mistake to
put IDM on Linux if the customer doesn't have any other Linux servers in
their environment and/or doesn't have an appropriate support staff and
processes. If the customer runs both, pick the one that has the best
systems management. I'd say that I've done as many Windows deployments
as Linux but currently about 75% of new deployments are on Windows.
However, once again it's more about how well it's built. Ensure eDir
memory allocations are sufficient (out-of-box is NEVER sufficient on any
platform for anything but the smallest deployments), ensure indexes are
established for every attribute searched by any driver/workflow, keep
driver code efficient and work to minimize chattiness, ensure DIB cache
size is appropriate, utilize remote loaders even on the same box, etc.