Dell One Identity Manager Scalability and Performance




Scale up and out to ensure simple, effective governance for users.

Abstract

For years, organizations have had to be able to support user communities beyond their own employee populations. Commonly, identity governance and administration (IGA) products have been used to support both employees and third-party users who require user access to an organization's IT infrastructure. Today, however, potentially millions of external users may need to be registered and have their access carefully managed, a significant scalability challenge for many IGA tools.

Dell One Identity Manager, however, delivers the scalability you need to manage both your employees and millions of external users throughout the entire identity lifecycle, now and into the future. This technical brief presents the solution's unique architecture and explains how you can scale key components both horizontally and vertically. To help you further improve performance, it also explains best practices for reducing the impact of network latency and limited bandwidth and for best customizing the solution to meet your governance requirements.

[Figure 1. Functional architecture of Identity Manager]

Architecture

Functional architecture

Identity Manager streamlines the process of managing user identities, access privileges and security enterprisewide. With Identity Manager, identity governance and administration is driven by business needs, not IT capabilities. Identity Manager is based on an automation-optimized architecture that addresses all the key identity and access governance challenges, including provisioning, access request, attestation and recertification, at a fraction of the complexity, time and expense of traditional solutions.

Figure 1 illustrates the functional architecture of the solution. Identity Manager aggregates user identities from a variety of sources to simplify both the user experience and identity management tasks. It provides a range of tools to facilitate governance, including automated approval workflows and self-service options for users. Critically, it empowers business users, rather than IT, to easily control the process of granting and recertifying access rights, which helps ensure that each user has access to exactly the right set of resources. Access is role-based and closely governed by the policies you configure using the intuitive, web-based interface.

Identity Manager components

Figure 2 illustrates the components of Identity Manager. They include:

Identity Manager database

The database is the nerve center of Identity Manager. It stores employee properties, information about user accounts and organizational data, as well as configuration data, such as access permissions, workflow definitions, parameters for controlling system behavior and configuration data for Identity Manager administration tools. Identity Manager supports the following database server platforms:

- Microsoft SQL Server
- Oracle
- Oracle Real Application Cluster (RAC)

Web portal

The web portal is a web-based application that provides end-user workflows for Identity Manager. For example, using the web portal, users with the appropriate permissions can:

- Change employee profile data and passwords
- Enter or edit employee profile data for staff or external users
- Request, search for, cancel or renew products in the ITShop, an integrated business portal that provides self-service request functionality, reporting, profile management, compliance and access governance management, and risk scoring
- Delegate responsibilities
- Assign approvals or certification instances
- Audit rule violations

[Figure 2. Identity Manager components]

Administrative front ends

Identity Manager provides rich configuration tooling for managing identities, controlling processes and configuring the product. It maintains all the data required for the administration of employees, their user accounts, permissions and company-specific roles, and it enables users with the appropriate permissions to easily view and manage that data.

Job servers

One or more job servers ensure that the data managed by Identity Manager is distributed within the network. Job servers perform data synchronization between the Identity Manager database and connected target systems, and also execute internal actions within the database and at a file level.

All endpoints communicate with the central database through an object layer that is implemented in Microsoft .NET. The object layer generates an audit trail of all operations and stores it in the central database.

Scaling options

Broadly speaking, there are two types of scaling: vertical and horizontal (see Figure 3). To scale vertically (or scale up) means to add resources to a single node in a system. This typically involves adding CPUs or memory to a single computer. To scale horizontally (or scale out) means to add more nodes to a system, such as adding a new computer to a distributed software application. For example, you might scale out from one web server to four.

[Figure 3. Scaling up versus scaling out]

Identity Manager has three major components that can be scaled up or scaled out to optimize performance:

- Database tier
- Identity Manager web application
- Job servers

Scaling the database tier

Scaling up

Identity Manager uses one main central database, which can be scaled up for maximum performance. Typically this involves adding more CPUs or memory to the database server. Keep in mind that in addition to storing an enormous amount of data, the database tier also has to process data asynchronously to prevent waiting time at the endpoints.

Identity Manager is a true online transactional processing (OLTP) application. Its concurrency controls guarantee that two users accessing the same data in the database system will not both be able to change that data: one user will have to wait until the other user has finished processing before being allowed to change that piece of data. And its atomicity controls guarantee that all the steps in a transaction are completed successfully as a group. Accordingly, three parameters can affect the overall scalability:

- The number and speed of available processors for optimizing processing time
- The amount of memory available (so as much data as possible can be held in memory instead of on disk)
- I/O throughput, which determines the speed of reading data from and writing data to disk

The first two parameters are easy to adjust, since processor and memory cost are no longer deterring factors to any application deployment. I/O can have a significant influence on the overall scalability; in fact, we recommend taking at least as much care in optimizing disk I/O as processors or memory. Specific recommendations include:

- Choose an appropriate number of spindles. More spindles mean more parallel I/O processing.
- Use solid state disk technology or fusion I/O technology to improve speed.
- Separate I/O channels for different database data. In particular, use different file groups or tablespaces, at least for log data, temp data and effective load data.

Scaling out

To reduce the amount of historical data stored in the audit trail of the database tier, Identity Manager can export the audit trail data to a separate history database. As long as a history database is online, Identity Manager's object layer can access this data for reporting, auditing or restoring objects.

For horizontal scalability, Identity Manager supports more than one history database. We recommend you plan for using a history database right from the beginning of the project. Depending on your auditing requirements and the related growth of audit data, you may need to add new history databases over time (for instance, one per year).

Database capacity planning and sizing

Of course, before beginning any application deployments, you should perform capacity planning and sizing for your databases. Dell offers advisor tools to help:

- SQL Server
- Oracle

Scaling the Identity Manager web application

The Identity Manager web application is implemented as a standard ASP.NET web application. Scaling out web applications is an easy task: simply install as many web applications as you like. For best load distribution, a load balancing solution is highly recommended. When implementing a load balancing solution, however, beware of using a sticky session configuration. A sticky session ensures that all the subsequent requests will be sent to the server that handled the first request corresponding to that request.

Scaling the job server

An Identity Manager job server is a Windows Server Service or Linux daemon that executes tasks (reads or writes data) on other systems. In identity management, this is typically called synchronization or provisioning; however, Identity Manager Job Services can handle other tasks as well, including changing file systems, creating tickets in service desk solutions, triggering a software installation and much more.

Identity Manager can scale out to handle as many job services as are needed for optimized throughput of data. You can add as many job services as you like to one instance of Identity Manager. Job services can be run on multiple machines, or multiple instances of job services can run on one machine to satisfy deployment requirements or to optimize use of available hardware resources.

Out of the box, a single job service is configured to allow up to 15 simultaneous tasks (called "slots"), which read or write data to other systems in parallel. This default is based on a minimum server hardware configuration (specifically, two processor cores and 4 GB memory). If you have more CPU and memory, you can increase the number of slots per job service instance.

Other factors to consider

Other factors that can influence the performance and scalability of the Identity Manager ecosystem include:

- Network latency
- Bandwidth
- Product configuration

Network latency

Network latency is the time required for a packet of data to get from one designated point to another. Network latency will result in a performance penalty and can affect users, particularly when they are:

- Performing batch updates for large amounts of data: The overall latency will increase the time it takes to store the data in the database.
- Using a user front end: Whether the front end is a web application or a Windows fat client, the overall application behavior will feel slow.

If you encounter these performance issues, be sure to check for latency on the network. Often the problems are due to improper routing configuration or overloaded network components. In particular, if your database is in a corporate storage area network (SAN), ensure the minimum latency for storing data packets in the SAN.

Bandwidth

Bandwidth is the amount of data that can be transmitted in a fixed amount of time. Limited bandwidth can be a problem in two places:

- If the bandwidth between the database server and an endpoint (user front end or service) is too small, then it will take more time to transport data packages from the database server to the endpoint and vice versa.
- Limited bandwidth between a job service and a target system will impact the job service's ability to collect data from the target system when performing a full synchronization.

Increasing bandwidth is not always an option, especially when you are forced to use WAN connections. One option for tackling bandwidth bottlenecks is to find the best position for core components. We recommend that you position endpoints with the best possible bandwidth to the database. In the case of a job service, that means ensuring that the job service has better bandwidth to the database than to the target system. In the case of a user connecting to a web application, make sure that the web server has better bandwidth with the database than the user's machine has with the web server. Other situations might call for other choices.

Identity Manager configuration

Identity Manager provides a lot of functionality right out of the box, but it can also easily be customized to meet your specific identity and access management and governance requirements. However, to avoid performance problems when making configuration changes, keep the following recommendations in mind:

Set appropriate indexing on any extensions

Identity Manager's database model is extensible. In fact, the model is extended in most customer environments, often for storing attributes and searching objects like users or accounts. For better performance, be sure to set appropriate indexing on any extensions.

Use asynchronicity wisely

Asynchronicity is a core architectural concept of Identity Manager. It allows for simply storing a change to the database and then using the event-based asynchronous architecture for performing related tasks decoupled. For example, this enables you to use the scale-out options of job services: saving a single change to the database results in a successfully executed task to the end user, even though the task may have triggered a large process that is still being executed in the background. When automating such background processes, be sure to:

- Minimize the number of heavy scripts: Breaking scripts down into smaller pieces will reduce the time required to process each script.
- Leverage the appropriate job task: Identity Manager provides two separate tasks for executing a script: ScriptExec and ScriptExecSingle. ScriptExecSingle makes sure execution is broken and serialized. This is needed, for example, when many processes try to change a central file and every change must be saved before the next change can take place.
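The central-file case described above, as an added example that is not part of the original brief and does not use Identity Manager's own API: a lock stands in for the serialized execution the text attributes to ScriptExecSingle, and the 15 parallel workers mirror the default slot count. The file name, function names and the barrier that forces the worst-case interleaving are assumptions made for the illustration.

```python
import tempfile
import threading
from pathlib import Path

SLOTS = 15  # default number of parallel slots per job service, per the text


def apply_changes(changes: int, serialized: bool) -> int:
    """Run `changes` read-modify-write tasks against one central file.

    Returns the counter stored in the file afterwards. A run that keeps
    every change ends with counter == changes.
    """
    with tempfile.TemporaryDirectory() as tmp:
        central = Path(tmp) / "central_file.txt"  # constructed sample file
        central.write_text("0")
        lock = threading.Lock()  # stand-in for serialized execution
        remaining = changes
        while remaining:
            batch = min(SLOTS, remaining)  # never more than SLOTS at once
            barrier = threading.Barrier(batch)

            def parallel_task(barrier=barrier):
                # Every task reads before any task writes. The barrier
                # forces this worst case so the outcome is reproducible.
                seen = int(central.read_text())
                barrier.wait()
                central.write_text(str(seen + 1))

            def serialized_task():
                # Each change is read, applied and saved before the next
                # task is allowed to touch the file.
                with lock:
                    central.write_text(str(int(central.read_text()) + 1))

            target = serialized_task if serialized else parallel_task
            workers = [threading.Thread(target=target) for _ in range(batch)]
            for worker in workers:
                worker.start()
            for worker in workers:
                worker.join()
            remaining -= batch
        return int(central.read_text())


if __name__ == "__main__":
    print("parallel slots:", apply_changes(30, serialized=False))
    print("serialized    :", apply_changes(30, serialized=True))
```

With parallel slots, each batch of 15 tasks collapses into a single surviving change, so data written to the central file is silently lost; the serialized run keeps all of them at the cost of throughput.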
Keep performance in mind when creating custom processes

Through process automation, a single change might result in a huge number of post processes. The number of asynchronous post processes can be influenced by your implementation choices. For example, items in the ITShop are organized into shelves for users to find and request. When a change happens to a shelf in ITShop, the smallest unit of recalculation that might be required after the change is the shelf itself. Therefore, the larger the number of products in a shelf, the larger the number of post calculations, so be sure to watch the size of the shelves in your ITShop, not only in your initial configuration, but as they change over time.

Conclusion

Identity governance and administration requirements are growing every day. You need a solution that can scale up and out to meet them, today and into the future. Identity Manager delivers that scalability, enabling you to manage the entire identity lifecycle not only for your employee population, but also for the thousands or millions of external users who need properly governed access to your network.

To learn more, please visit software.dell.com/products/identity-manager.

For More Information

© 2015 Dell, Inc. ALL RIGHTS RESERVED. This document contains proprietary information protected by copyright. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose without the written permission of Dell, Inc. ("Dell").

Dell, Dell Software, the Dell Software logo and products as identified in this document are registered trademarks of Dell, Inc. in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their respective owners.

The information in this document is provided in connection with Dell products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Dell products. EXCEPT AS SET FORTH IN DELL'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, DELL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL DELL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF DELL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Dell makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Dell does not make any commitment to update the information contained in this document.

About Dell Software

Dell Software helps customers unlock greater potential through the power of technology, delivering scalable, affordable and simple-to-use solutions that simplify IT and mitigate risk. The Dell Software portfolio addresses five key areas of customer needs: data center and cloud management, information management, mobile workforce management, security and data protection. This software, when combined with Dell hardware and services, drives unmatched efficiency and productivity to accelerate business results. www.dellsoftware.com.

If you have any questions regarding your potential use of this material, contact:

Dell Software
5 Polaris Way
Aliso Viejo, CA 92656
www.dellsoftware.com

Refer to our Web site for regional and international office information.

TechBrief-DellOneIM-Scalability-US-VG-25589