Symantec Access Management

  • Private Community
 View Only

  • 1.  Assistance with hardware sizing and tuning parameters for handling around 10k users

    Posted Apr 28, 2026 02:28 AM

    Hello everyone,

    We have a SiteMinder setup and would appreciate your guidance on hardware sizing and tuning parameters for handling around 10k users.

    Note: As we require immediate logout, we have configured the session validation period to 1 second in the realm, ensuring that every request is validated by the Policy Server.

    We would be grateful for your suggestions on the following:

    • Recommended number of Policy Servers (Linux)
    • Required number of SAG/Web Agent servers (Linux)
    • Suggested CPU and RAM sizing for Policy Servers and SAG/Web Agents
    • Key tuning parameters for optimal performance

    Any insights or best practices based on similar implementations would be highly appreciated.

    Thank you in advance for your support.



    ------------------------------
    Best regards,
    Ramarao P
    ------------------------------


  • 2.  RE: Assistance with hardware sizing and tuning parameters for handling around 10k users

    Broadcom Employee
    Posted Apr 29, 2026 01:24 PM

    There was another performance-related question recently. See https://community.broadcom.com/discussion/siteminder-performance-issue-high-response-time-28s-during-2k-load-test

    This other question was not asking for hardware sizing but instead asked how to tune a SiteMinder infrastructure for performance.

    I have included a variety of tuning parameters, methods, and approaches in my responses to the other question.

    The most common performance bottleneck encountered are the User Stores. For example, Active Directory tends to be much slower than Symantec Directory when it comes to LDAP performance.

    We also have customers running SiteMinder Policy Servers for their internal corporate users using just 4 SM PS servers (2 per data center) sustaining over 1,000 requests per second.

    "Session Validation Period" so I'm assuming you'll be using a Session Store, for example on Symantec Directory. Closely follow the SiteMinder documentation when creating and configuring the session store LDAP directories (https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/installing/install-a-policy-server/configure-ldap-directory-servers-as-policy-session-and-key-stores/configure-ca-directory-as-a-session-store.html). Also, review the Symantec Directory documentation on performance tuning (https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/directory/14-1/performance-and-tuning.html).

    Please review the other Community Discussion post for additional information.

    -------------------------------------------