Symantec IGA

 View Only
  • 1.  Identity Governance performance and limitation

    Posted Aug 14, 2024 07:21 AM

    Hello Team, Charly Setbon here.

    I was wondering from your recent experience and from IG support, how many resources (or user/res links) can IG hold, assuming a strong vAPP architecture (say 5 to 10 powerfull vAPPs machines)

    Customer is concerned on the number IG can support for certification/import and may push back if I can't back up my confidence in the product with real numbers from the field.

    Any input will be highly appreciated. 

    Thanks friends.

    Charly Setbon +972 523-777-004 (or whatsapp +1 631-972-3100)



  • 2.  RE: Identity Governance performance and limitation

    Broadcom Employee
    Posted Aug 14, 2024 09:13 AM
    Hey Charly,
    A cluster of powerful vApps doesn't really help.

    We do have this:
    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-governance/14-5/installing/optimize-your-installation.html

    It really comes down to how many elements will be held in cache?

    What types of imports will you be using and such.

    The doc link above states:
    We recommend, for a 64bit system, that you allocate approximately 3GB of
    cache memory (RAM) for every 1,000,000 elements allowed in cache memory (3
    * maxElementsInMemory).

    So if you are importing a million groups from say an AD endpoint then 3
    gig, However if you are importing a million groups and a million other
    things, then you need 6 gig per server.

    How will your campaigns be running? Will you have more than one at at time?
    You will need to calculate this number for each universe, and then Repeat
    this procedure for each server in the cluster. Using the example above, if
    2 universes are running 1 certification each with the same number of users,
    resources and roles, then you would want 12 gig.

    Reset Cache Limits
    To support large configurations, you can expand the cache memory limits.
    Cache memory is defined by the number of elements (users, resources, roles,
    and so on) that can be held in the cache at once. When the cache is full,
    elements are swapped in and out of memory, which can affect performance.
    The default setting limits the memory cache to 500,000 elements.

    Bill Patton
    --
    Please visit our new training site https://imsacademy.broadcom.com for free
    Identity Security product videos.

    Certified Customer Success Manager (CCSM) Level 1

    --
    This electronic communication and the information and any files transmitted
    with it, or attached to it, are confidential and are intended solely for
    the use of the individual or entity to whom it is addressed and may contain
    information that is confidential, legally privileged, protected by privacy
    laws, or otherwise restricted from disclosure to anyone else. If you are
    not the intended recipient or the person responsible for delivering the
    e-mail to the intended recipient, you are hereby notified that any use,
    copying, distributing, dissemination, forwarding, printing, or copying of
    this e-mail is strictly prohibited. If you received this e-mail in error,
    please return the e-mail to the sender, delete it from your computer, and
    destroy any printed copy of it.




  • 3.  RE: Identity Governance performance and limitation

    Posted Aug 14, 2024 09:34 AM

    Thank you Bill for the quick answer.

    So Assuming the customer has 14k users, and 29M user/resource links.

    As long as I do the math for the cache calculation, and assuming i can allocate enough memory in my -Xmx and my vAPP has enough RAM to support that, then IG will support 1 universe with 1 active campaign for these 29M links? Also import should finish in a timely manner, say less than 8 hours?

    Thanks again.