[midPoint] MidPoint and server hardware utilization

Jason Everling jeverling at bshp.edu
Mon Feb 18 18:03:07 CET 2019 

This right here " Indeed, the resources are spread across the country, not
in one central location, midPoint is accessing them by IPSec VPN over
WAN. " is probably your number one slow down, especially if they have 100
projections.

the other you already fixed and or are fixing, " direct connecting Linux
boxes to midPoint" , that one also caused us many slowdowns so I also
removed them and are managing through ldap group memberships which
powerborker (pbis open) and sssd use for access permissions. Currently also
moving from powerbroker to sssd as I think the product is sunsetting
sometime in the near future



On Mon, Feb 18, 2019 at 10:13 AM Wojciech Staszewski <
wojciech.staszewski at diagnostyka.pl> wrote:

> Thank all of you for the answers.
> The server is bare metal, not VM.
> Indeed, the resources are spread across the country, not in one central
> location, midPoint is accessing them by IPSec VPN over WAN.
> Till 07.2019 I'll connect many more. This can slow down the server tasks
> for sure.
> But I quit from direct connecting Linux boxes to midPoint and now I use
> FreeIPA for Linux users (not yet managed by midPoint as I currently have no
> idea how to do it),
> because the Linux connector is pretty problematic, so I removed over 200
> resources from midPoint.
> The users having 100+ projections were unable to display at all ;)
>
> I'll read about profiling and consistency, thanks for pointing that.
> Thanks!
> WS
>
> W dniu 18.02.2019 o 16:46, Davy Priem pisze:
> > Indeed, that’s a beast. I have about 20 000 users with an average of 10
> projections per user running on 16GB of RAM and 4 cores. I hope that beast
> is not a virtual server because that would give the worst possible cpu
> performance ever.
> >
> > Davy Priem
> > IT technical coordinator VIVES University
> >
> >> Op 18 feb. 2019, om 16:23 heeft Jason Everling <jeverling at bshp.edu
> <mailto:jeverling at bshp.edu>> het volgende geschreven:
> >>
> >> yep, that's a beast of a server for such a low count. If you do get a
> 2nd, you could turn them into a virtualization cluster and run midpoint as
> well as other applications. I still think you would have issues with
> midpoint being slow.
> >>
> >> You need some performance measuring done to see what is slowing it
> down, my guess is the resource response times are slowing you down. This is
> where a subscription would come in handy, maybe you need some optimization
> done to templates, mappings, etc..
> >>
> >>
> >>
> >> On Mon, Feb 18, 2019 at 9:19 AM Arnošt Starosta - AMI Praha a.s. <
> arnost.starosta at ami.cz <mailto:arnost.starosta at ami.cz>> wrote:
> >>
> >>     Hi Wojciech,
> >>
> >>     that's a lot of HW and i have no true solution to this problem.
> >>
> >>     but ... there is a tiny magic configuration setting that might help
> you right now,
> >>
> >>     GUI > Internals Configuration > Internal Configuration > check
> consistency
> >>
> >>     i think it's switched off by default in 3.9-support and master, but
> not before.
> >>
> >>     unchecking this may speed things up. beware that it's on again
> after restart.
> >>
> >>     arnost
> >>
> >>     po 18. 2. 2019 v 16:03 odesílatel Wojciech Staszewski <
> wojciech.staszewski at diagnostyka.pl <mailto:
> wojciech.staszewski at diagnostyka.pl>> napsal:
> >>
> >>         Hello!
> >>
> >>         I am curious about your opinion and experience about optimal
> server hardware for midPoint deployment.
> >>
> >>         At the moment I have over 7000 users, 190 active resources, 422
> Org Units, 2793 roles, 111 reconciliation tasks.
> >>         Our midPoint is working slow. GUI became very slow, if user has
> over 20 projections the user details page opens dramatically slow.
> >>         Hardware: 26 CPU cores, 256GB RAM (128G reserved for Tomcat,
> 50G for DB), 8 x SSD RAID10 for the DB.
> >>         Database: MySQL, DB size: 17GB.
> >>
> >>         At the moment I moved all server tasks to evening hours and
> weekends to enable GUI routine works for end users.
> >>         But I wonder if this is a good moment to start thinking about
> second midPoint node to make a cluster...
> >>
> >>         And this is still pre-production time (production launch is
> planned on 07.2019r).
> >>         Will the second node be a cure for slow GUI? Or maybe move the
> connectors to a separate host?
> >>         Maybe re-planning server tasks?
> >>
> >>         Thanks,
> >>         WS
> >>
> >>         --
> >>         Wojciech Staszewski
> >>         Administrator Systemów Sieciowych
> >>         www.diagnostyka.pl <http://www.diagnostyka.pl/>
> >>         Diagnostyka Sp. z o. o.
> >>         ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
> >>         Numer KRS: 0000381559 (Sąd Rejonowy dla Krakowa-Śródmieścia w
> Krakowie, XI Wydział Gospodarczy KRS)
> >>         NIP: 675-12-65-009; REGON: 356366975
> >>         Kapitał zakładowy: 33 756 500 zł.
> >>
> >>         Pomyśl o środowisku zanim wydrukujesz ten e-mail.
> >>         _______________________________________________
> >>         midPoint mailing list
> >>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com
> >
> >>         http://lists.evolveum.com/mailman/listinfo/midpoint
> >>
> >>
> >>
> >>     --
> >>
> >>     *Arnošt Starosta*
> >>     solution architect
> >>
> >>     gsm: [+420] 603 794 932
> >>     e‑mail: arnost.starosta at ami.cz <mailto:arnost.starosta at ami.cz>
> >>
> >>     *AMI Praha a.s.*
> >>     Pláničkova 11, 162 00 Praha 6
> >>
> >>     tel.: [+420] 274 783 239 | web: www.ami.cz <https://www.ami.cz/>
> >>
> >>     AMI Praha a.s.
> >>
> >>     Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
> za společnost AMI Praha a.s.
> >>     jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
> výhradně písemnou formu.
> >>
> >>     Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může
> obsahovat důvěrné nebo osobní
> >>     informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv
> zveřejňování, zprostředkování
> >>     nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail
> neoprávněně, informujte o tom prosím
> >>     odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu
> včetně všech jeho příloh. Nakládáním
> >>     s neoprávněně získanými informacemi se vystavujete riziku právního
> postihu.
> >>
> >>     _______________________________________________
> >>     midPoint mailing list
> >>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> >>     http://lists.evolveum.com/mailman/listinfo/midpoint
> >>
> >> _______________________________________________
> >> midPoint mailing list
> >> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> >> http://lists.evolveum.com/mailman/listinfo/midpoint
> >
> >
> > _______________________________________________
> > midPoint mailing list
> > midPoint at lists.evolveum.com
> > http://lists.evolveum.com/mailman/listinfo/midpoint
> >
>
> --
> Wojciech Staszewski
> Administrator Systemów Sieciowych
> www.diagnostyka.pl
> Diagnostyka Sp. z o. o.
> ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
> Numer KRS: 0000381559 (Sąd Rejonowy dla Krakowa-Śródmieścia w Krakowie, XI
> Wydział Gospodarczy KRS)
> NIP: 675-12-65-009; REGON: 356366975
> Kapitał zakładowy: 33 756 500 zł.
>
> Pomyśl o środowisku zanim wydrukujesz ten e-mail.
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190218/e99a1bee/attachment.htm>

More information about the midPoint mailing list