Large Profile Performance Testing FIM Service

  • Article

Applies To: Forefront Identity Manager, Forefront Identity Manager 2010

The FIM 2010 R2 performance testing includes three different customer profiles: small, medium, and large. The large customer profile customer scale and load assumptions are shown in this document.

Scale

The scale that was used for the test was to simulate an organization of approximately 200,000 users over a six-month period. The test simulated group management, password reset, and user profile management scenarios. The test environment was populated with the following objects, representing users, groups, Active Directory® domains, and FIM policy configuration objects:

  • Users: 200,000

  • Groups: 457,759

    • Static distribution groups: 262,167

    • Dynamic distribution groups: 6,000

    • Security groups: 189,592

  • FIM Policy configuration objects: 347

    1. Domain configurations: 13

    2. Management Policy Rules (MPRs): 132

    3. Sets: 121

    4. Synchronization rules: 81

  • Expected rules entries (EREs): 3.1 million

  • Workflow instances: 1.6 million

  • Request resources: 9.6 million

Load

For each set of tests that were performed, the scale and load was a simulation based on 101,000 users expected operation. The test assumed an average of 30 concurrent users performing operations during the test period. This resulted in approximately 1,853 operations per hour.

Operation Hourly usage

User profile operations – viewing and updates

5

User profile operations – search user

30

Distribution Group – Create

27

Distribution Group – Change membership

517

Distribution Group – Update properties

222

Distribution Group – Read Details

18

Distribution Group – Search

375

Distribution Group – Delete

9

Security Group – Create

9

Security Group – Change membership

40

Security Group – Update properties

35

Security Group – Read Details

17

Security Group – Search

117

Security Group – Delete

5

Request – Approve

366

Request – Reject

16

Request - Cancel

5

Password reset - registration

62

Password reset – reset password

26

Password reset – registration verification

413

Note

Most of the operations in the table are simulated as a number of page navigations through the FIM portal. The simulation that is documented in the table equals about 650 distinct visits per hour to the FIM Portal home page.

Topology and Hardware

The test environment used a multitier topology as described in Preinstallation and Topology Configuration.

Hardware components Servers hosting the FIM Portal and FIM Service Servers hosting the FIM Service database and FIM Synchronization Service database

Processors

One Intel Core2 Quad Q6600 (quad core) 2.4 gigahertz (GHz)

Four Intel Xeon E5410 (quad core) 2.33 GHz

Memory

  • DDR2

  • 667

  • ECC

  • SDRAM

4 gigabytes (GB)

32 GB

Physical disks

  • Serial Attached SCSI (SAS)

  • 10,000 RPMs

  • 6 GB/sec throughput

  • 2.99 ms latency

  • Track-to-track read speed of .2 ms and write speed of .4 ms

  • Average read .8 ms and write speed 4.3 ms

  • Maximum read speed of 8.0 ms and write speed of 9.0 ms

Single 136-GB hard drive

Eight 136-GB hard drives. Configuration:

  • C: Single hard drive for operating system and applications

  • D: Single hard drive for Structured Query Language (SQL) logs (.ldf file type)

  • F: Six drives in disk stripe (RAID 0) for SQL data files (.mdf file type)

Results

The following table provides a summary of the FIM Portal operations that were tested and the time it took on average for each operation to complete.
Operation Elapsed time (seconds)

Loading the FIM Portal

 1.82

Opening the My Distribution Groups link

  .72

Creating a static distribution list *

13.76

Searching for a group

 4.00

Joining a group *

10.47

Approving a request *

 6.01

Password reset registration *

13.06

Password reset *

 5.23

Note

Operations with an asterisk (*) required multiple portal navigations and represent the cumulative time taken to perform the operation.

The following chart depicts the memory and CPU performance of the server that runs SQL and hosts the FIM Service database during the test period.

FIM Service SQL Server Performance

FIM Service Database

Disk usage of the FIM Service database was tracked over a 21-day simulated period. Each daily simulation comprised eight hours of daily simulated load on the system. The eight-hour load comprised two hours of peak usage followed by the six hours of normal usage. The previously described hardware, topology, and scale were used for this test. The load details are described in the following table.

Action Normal hourly usage Peak hourly usage Total daily load

User profile operations – viewing and updates

5

15

60

User profile operations – search user

20

60

240

Distribution Group – Create

27

81

324

Distribution Group – Change membership

517

1551

6204

Distribution Group – Update properties

222

666

2664

Distribution Group – Read Details

18

54

216

Distribution Group – Search

375

1125

4500

Distribution Group – Delete

9

27

108

Security Group – Create

9

27

108

Security Group – Change Membership

40

120

480

Security Group – Update properties

35

105

420

Security Group – Read Details

17

51

204

Security Group – Search

117

351

1404

Security Group – Delete

5

15

204

Request – Approve

366

1098

4392

Request – Reject

16

48

192

Request - Cancel

5

15

60

Password reset - registration

62

186

744

Password reset – reset password

26

78

312

Password reset – registration verification

413

1239

4956

Note

Most of the operations that are described in the table are simulated usage of the FIM Portal. On average, the simulation that is described in the table resulted in 7,800 distinct visits to the FIM Portal home page daily.

The resulting FIM Service SQL database data usage was observed, as documented in the following table.

Day measured Data and index disk space used (MB) Total number of objects in the database Total change in number of objects in the database

0

245,012

16,766,264

0

10

249,531

17,106,241

339,077

30

258,567

17,786,195

1,019,931

Note

The SQL data files were preallocated to ensure ample space for the expansion of the database. The reported increases in size are based on the use of the preallocated space.

Initial Data Migration from Active Directory Domain Services

When you migrate data from Active Directory Domain Services (AD DS) for a large domain, be aware that the process can take days or weeks to complete. For example, an export of 535,000 objects, in which 425,000 groups were marked to be managed by FIM 2010 that generated a total of 3 million expected rules entries (EREs), took 13.5 days to complete. In this example, there were two major steps performed.

FIM Initial Synchronization Steps

  1. Data was imported from AD DS into the FIM Synchronization Service database.

  2. Data was exported from the FIM Synchronization Service using the AD DS Management Agent in the FIM Service database.

See Also

Concepts

Large Profile Performance Testing Hardware
Performance Testing FIM Synchronization
Topology Considerations
Capacity Planning Guide