You are here

Hardware Sizing and System Requirements Airlock IAM

Affects product: 
Airlock IAM
Airlock Login
Affects version(s): 
7.1 and newer

Hardware

Recommended hardware profiles for Airlock IAM (valid for OS installation and deployment with Docker):

Profile Minimum Requirements Example

Minimum (for demo purposes)

1  CPU 2.0 GHz
4 GB RAM

Virtual machine with 4GB RAM and a virtual 10 GB disk

Small

Up to 5 logins/sec

1 x 4-Core CPU 3.0 GHz
8 GB RAM
80 GB Diskspace

Virtual machine with 4 vCPUs, 6 GB RAM, and a virtual 80 GB disk

HP ProLiant DL20 Gen9
1 x 4-Core Xeon (E3-1240v5) CPU 3.5G - 3.9 Hz
8 GB RAM

Medium

Up to 25 logins/sec

2 x 8-Core CPU 3.0 GHz
16 GB RAM
400 GB Diskspace

HP ProLiant DL360 Gen10
2 x 10-Core Xeon (4114) CPU 2.2 - 3.0 GHz
16 GB RAM

or equivalent virtual machine

Large

Up to 100 logins/sec

2 x 16-Core CPU 3.0 GHz
32 GB RAM
1 TB Diskspace

HP ProLiant DL360 Gen10
2 x 18-Core Xeon (6140) CPU 2.3 - 3.7 GHz
32 GB RAM

or equivalent virtual machine

Please note that it is very easy to achieve higher performance with horizontal scaling as Airlock IAM is built for active/active setups.

The actual performance depends very much on configured features, defined authentication processes, cryptographic parameters, and load from other functionalities, e.g. self-services, One-Shot authentication, OAuth token exchange, etc. The chosen password hashing has typically the greatest impact since good password hashing algorithms are designed to use high computation costs. The above table bases on the following assumptions:

  • password with scrypt hashes as the first factor
  • MTAN as the second factor
  • IAM performance optimization recommendations are respected:
    • Audit Log signing is switched off
    • the DB connection pool has a size of 16 and fits well the performance of the DB server
    • recommended DB indices have been created

Airlock IAM scales well with the number of CPUs and cores. However, CPU threads won't help, since the system is CPU-bound (scrypt). CPU threads are beneficial if a CPU core has to wait for I/O.

Platform

Please refer to the version-specific Airlock IAM documentation.

Data Layer

The chosen data layer has to be well managed and monitored. IAM is not responsible for the operation and backup/recovery. For productive usage, the data layer should be clustered.

Knowledge Base Categories: