Topology Considerations
Applies To: Forefront Identity Manager, Forefront Identity Manager 2010
You can deploy Microsoft® Forefront® Identity Manager (FIM) 2010 components on the same server or among multiple servers in multiple configurations. The topology that you select for your deployment affects the performance that you can achieve from FIM 2010. This section introduces multiple FIM 2010 deployment topologies that you may consider implementing.
Note
For additional information about FIM 2010 topologies, see Preinstallation and Topology Configuration.
Topological Components
You can run several FIM 2010 components on the same computer or distributed among multiple computers. The following table describes topology options for the FIM 2010 components.
Component | Description | Topology options |
---|---|---|
FIM Portal | Interface for performing password resets, group management, and administrative operations | Host on the same computer as the other FIM 2010 R2 components, place it on a separate server, or expand to a Network Load Balancing (NLB) cluster |
FIM Service | Web service that implements FIM 2010 R2 identity management functionality | Host on the same computer as the other FIM 2010 R2 components, place on a separate server, or implement an NLB cluster |
FIM Synchronization Service | Synchronizes data with other identity stores | Host on the same computer as the other FIM 2010 components, or place on a separate server |
Microsoft SQL Server | FIM Service and FIM Synchronization Service store their data in independent SQL databases | Host on the same computer as the other FIM 2010 components, place on a separate server, or implement a server cluster |
Multitier Topology
The multitier topology is the most commonly used topology. It offers the greatest flexibility. The FIM 2010 R2 Portal, FIM 2010 R2 Service, and databases are separated into tiers and deployed on multiple computers. This topology adds flexibility in scaling the different FIM 2010 R2 components. For example, you can scale the FIM 2010 R2 Portal horizontally by adding additional servers in an NLB cluster. Similarly, you can scale the FIM 2010 R2 service by using an NLB cluster and by increasing the number of computers (nodes) in the cluster as needed.
In the multitier topology, a dedicated computer is allocated to host each SQL database (one for the FIM 2010 R2 Service and another for the FIM 2010 R2 Synchronization Service). You can increase the performance of the computers that host the SQL databases by adding or upgrading hardware, for example, by upgrading the CPUs, adding additional CPUs, increasing or upgrading the random access memory (RAM), or upgrading the hard drive configurations to increase read and write access and decrease latency.
In this configuration, the FIM 2010 R2 Synchronization Service and its database are hosted on the same computer. However, you should be able to achieve similar performance if there is a one-gigabit dedicated network connection between the FIM 2010 R2 Synchronization Service and its database when they are hosted on separate computers. For an example of a tested scenario illustrating the FIM 2010 R2 Synchronization Service hosted on the same computer as its database compared with a scenario in which the database and service are hosted on different computers, see Performance Testing FIM Service.
Multitier Topology with Multiple FIM Services
Synchronization of data with external systems can add a considerable load to the system and run over an extended period of time. If the synchronization configuration results in triggering policies with workflows, these policies contend for resources with end-user workflows. Such issues can be pronounced with authentication workflows, such as password resets, which are done in real time with an end user waiting for the process to complete. By providing one instance of the FIM 2010 R2 Service for end user operations and a separate portal for administrative data synchronization, you can provide better responsiveness for end-user operations.
As with the standard multitier topology, you can increase FIM 2010 R2 Portal performance by using an NLB cluster and by increasing the number of nodes in the cluster as needed.
The performance of the computers running SQL Server that host the FIM 2010 R2 Synchronization Service and the FIM 2010 R2 Service database will dramatically influence the overall performance of your FIM 2010 deployment. Therefore, follow the recommendations in SQL Server documentation for optimizing database performance. See the following documents for more information:
Storage Top 10 Best Practices (https://go.microsoft.com/fwlink/?LinkID=183663)
Optimizing tempdb Performance (https://go.microsoft.com/fwlink/?LinkID=188267)
SQL Server Best Practices Article (https://go.microsoft.com/fwlink/?LinkID=188268)
See Also
Concepts
FIM Synchronization Service Performance for Different Topologies
Capacity Planning Guide
Performance Testing FIM Service
Performance Testing FIM Synchronization