You are here

Hardware Sizing and System Requirements Airlock IAM

Affects product: 
Airlock IAM
Airlock Login
Affects version(s): 
6

Hardware

Recommended hardware profiles for Airlock IAM (valid for OS installation and deployment with Docker):

Profile Minimum Requirements Example

Minimum (for demo purposes)

1  CPU 2.0 GHz
4 GB RAM

Virtual machine with 4GB RAM and a virtual 10 GB disk

Small

Up to 5 logins/sec

1 x 4-Core CPU 3.0 GHz
8 GB RAM
80 GB Diskspace

Virtual machine with 4 vCPUs, 6 GB RAM and a virtual 80 GB disk

HP ProLiant DL20 Gen9
1 x 4-Core Xeon (E3-1240v5) CPU 3.5G - 3.9 Hz
8 GB RAM

Medium

Up to 25 logins/sec

2 x 8-Core CPU 3.0 GHz
16 GB RAM
400 GB Diskspace

HP ProLiant DL360 Gen10
2 x 10-Core Xeon (4114) CPU 2.2 - 3.0 GHz
16 GB RAM

or equivalent virtual machine

Large

Up to 100 logins/sec

2 x 16-Core CPU 3.0 GHz
32 GB RAM
1 TB Diskspace

HP ProLiant DL360 Gen10
2 x 18-Core Xeon (6140) CPU 2.3 - 3.7 GHz
32 GB RAM

or equivalent virtual machine

Please note that it is very easy to achieve higher performance with horizontal scaling as Airlock IAM is built for active/active setups.

The actual performance depends very much on configured features, defined authentication processes, cryptographic parameters and load from other functionalities, e.g. self-services, One-Shot authentication, OAuth token exchange, etc. The chosen password hashing has typically the greatest impact since good password hashing algorithms are designed to use high computation costs. The above table bases on the following assumptions:

  • password with scrypt hashes as the first factor
  • MTAN as the second factor
  • IAM performance optimization recommendations are respected:
    • Audit Log signing is switched off
    • the DB connection pool has a size of 16 and fits well the performance of the DB server
    • recommended DB indices have been created

Airlock IAM scales well with the number of CPUs and cores. However CPU threads won't help, since the system is CPU-bound (scrypt). CPU threads are beneficial if a CPU core has to wait for I/O.

 

Platform

The following general system requirements must be met for installing Airlock IAM:

  • For IAM 7.0:
    • Supported operating systems: CentOS/Red Hat Enterprise Linux 7, Ubuntu Server 16.04 LTS and 18.04 LTS, SUSE Linux Enterprise Server 11 and 12, Docker
    • Other Linux operating systems may work but are not officially supported.
  • For IAM 6.4:
    • Supported operating systems: CentOS/Red Hat 6 and 7, Ubuntu 15.04 or newer, SUSE Linux Enterprise Server 11 and 12
      Other Linux operating systems may work but are not officially supported.
    • Oracle Java 8 JRE (at least 1.8u91)

Airlock IAM supports current mobile devices and most used desktop browsers for the customer facing Loginapp. Access to the Adminapp is not designed to be used with mobile devices.

For further details and requirements please check the version specific Airlock IAM documentation.

Data Layer

The chosen data layer has to be well managed and monitored. IAM is not responsible for operation and backup/recovery. For productive usage the data layer should be clustered.

  • Databases: Oracle, MySQL, MariaDB (as of IAM 7.0), Microsoft SQL Server, H2. Other databases with JDBC may work but are not supported.
    See Database Selection for decision support.
  • LDAP directories (you need to extend your schema)
  • Microsoft Active Directory (no schema extension required but limits IAM features that can be used)

For further details and requirements please check the version specific Airlock IAM documentation.

Knowledge Base Categories: