<div dir="ltr">This right here, "Indeed, the resources are spread across the country, not in one central location, midPoint is accessing them by IPSec VPN over WAN.", is probably your number one slowdown, especially if they have 100 projections.<div><br></div><div>The other you already fixed and/or are fixing, "direct connecting Linux boxes to midPoint"; that one also caused us many slowdowns, so I also removed them and am managing through LDAP group memberships, which powerbroker (pbis open) and sssd use for access permissions. Currently also moving from powerbroker to sssd, as I think the product is sunsetting sometime in the near future.</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Feb 18, 2019 at 10:13 AM Wojciech Staszewski <<a href="mailto:wojciech.staszewski@diagnostyka.pl">wojciech.staszewski@diagnostyka.pl</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Thank all of you for the answers.<br>
The server is bare metal, not VM.<br>
Indeed, the resources are spread across the country, not in one central location, midPoint is accessing them by IPSec VPN over WAN.<br>
Till 07.2019 I'll connect many more. This can slow down the server tasks for sure.<br>
But I quit from direct connecting Linux boxes to midPoint and now I use FreeIPA for Linux users (not yet managed by midPoint as I currently have no idea how to do it),<br>
because the Linux connector is pretty problematic, so I removed over 200 resources from midPoint.<br>
The users having 100+ projections were unable to display at all ;)<br>
<br>
I'll read about profiling and consistency, thanks for pointing that.<br>
Thanks!<br>
WS<br>
<br>
On 18.02.2019 at 16:46, Davy Priem wrote:<br>
> Indeed, that’s a beast. I have about 20 000 users with an average of 10 projections per user running on 16GB of RAM and 4 cores. I hope that beast is not a virtual server because that would give the worst possible cpu performance ever.<br>
> <br>
> Davy Priem<br>
> IT technical coordinator VIVES University<br>
> <br>
>> On 18 Feb 2019, at 16:23, Jason Everling <<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a> <mailto:<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>>> wrote:<br>
>><br>
>> yep, that's a beast of a server for such a low count. If you do get a 2nd, you could turn them into a virtualization cluster and run midpoint as well as other applications. I still think you would have issues with midpoint being slow.<br>
>><br>
>> You need some performance measuring done to see what is slowing it down, my guess is the resource response times are slowing you down. This is where a subscription would come in handy, maybe you need some optimization done to templates, mappings, etc.<br>
>><br>
>><br>
>><br>
>> On Mon, Feb 18, 2019 at 9:19 AM Arnošt Starosta - AMI Praha a.s. <<a href="mailto:arnost.starosta@ami.cz" target="_blank">arnost.starosta@ami.cz</a> <mailto:<a href="mailto:arnost.starosta@ami.cz" target="_blank">arnost.starosta@ami.cz</a>>> wrote:<br>
>><br>
>> Hi Wojciech,<br>
>><br>
>> that's a lot of HW and I have no true solution to this problem.<br>
>><br>
>> but ... there is a tiny magic configuration setting that might help you right now,<br>
>><br>
>> GUI > Internals Configuration > Internal Configuration > check consistency<br>
>><br>
>> I think it's switched off by default in 3.9-support and master, but not before.<br>
>><br>
>> unchecking this may speed things up. beware that it's on again after restart.<br>
>><br>
>> arnost<br>
>><br>
>> On Mon, 18 Feb 2019 at 16:03, Wojciech Staszewski <<a href="mailto:wojciech.staszewski@diagnostyka.pl" target="_blank">wojciech.staszewski@diagnostyka.pl</a> <mailto:<a href="mailto:wojciech.staszewski@diagnostyka.pl" target="_blank">wojciech.staszewski@diagnostyka.pl</a>>> wrote:<br>
>><br>
>> Hello!<br>
>><br>
>> I am curious about your opinion and experience about optimal server hardware for midPoint deployment.<br>
>><br>
>> At the moment I have over 7000 users, 190 active resources, 422 Org Units, 2793 roles, 111 reconciliation tasks.<br>
>> Our midPoint is working slow. GUI became very slow, if user has over 20 projections the user details page opens dramatically slow.<br>
>> Hardware: 26 CPU cores, 256GB RAM (128G reserved for Tomcat, 50G for DB), 8 x SSD RAID10 for the DB.<br>
>> Database: MySQL, DB size: 17GB.<br>
>><br>
>> At the moment I moved all server tasks to evening hours and weekends to enable GUI routine works for end users.<br>
>> But I wonder if this is a good moment to start thinking about second midPoint node to make a cluster...<br>
>><br>
>> And this is still pre-production time (production launch is planned on 07.2019r).<br>
>> Will the second node be a cure for slow GUI? Or maybe move the connectors to a separate host?<br>
>> Maybe re-planning server tasks?<br>
>><br>
>> Thanks,<br>
>> WS<br>
>><br>
>> -- <br>
>> Wojciech Staszewski<br>
>> Network Systems Administrator<br>
>> <a href="http://www.diagnostyka.pl" rel="noreferrer" target="_blank">www.diagnostyka.pl</a> <<a href="http://www.diagnostyka.pl/" rel="noreferrer" target="_blank">http://www.diagnostyka.pl/</a>><br>
>> Diagnostyka Sp. z o. o.<br>
>> ul. Prof. M. Życzkowskiego 16, 31-864 Kraków<br>
>> _______________________________________________<br>
>> midPoint mailing list<br>
>> <a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a> <mailto:<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>><br>
>> <a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
>><br>
>><br>
>><br>
>> -- <br>
>><br>
>> *Arnošt Starosta*<br>
>> solution architect<br>
>><br>
>> gsm: [+420] 603 794 932<br>
>> e‑mail: <a href="mailto:arnost.starosta@ami.cz" target="_blank">arnost.starosta@ami.cz</a> <mailto:<a href="mailto:arnost.starosta@ami.cz" target="_blank">arnost.starosta@ami.cz</a>><br>
>><br>
>> *AMI Praha a.s.*<br>
>> Pláničkova 11, 162 00 Praha 6<br>
>><br>
>> tel.: [+420] 274 783 239 | web: <a href="http://www.ami.cz" rel="noreferrer" target="_blank">www.ami.cz</a> <<a href="https://www.ami.cz/" rel="noreferrer" target="_blank">https://www.ami.cz/</a>><br>
>><br>
> <br>
<br>
-- <br>
Wojciech Staszewski<br>
Network Systems Administrator<br>
<a href="http://www.diagnostyka.pl" rel="noreferrer" target="_blank">www.diagnostyka.pl</a><br>
Diagnostyka Sp. z o. o.<br>
ul. Prof. M. Życzkowskiego 16, 31-864 Kraków<br>
</blockquote></div>