of 16 /16
 SAP NetWeaver® Identity Management 7.1/7.2 Released for SAP Customers and Partners Version 7.2 Rev 4, March 2012 SIZING GUIDE 

0. SAP NetWeaver Identity Management Sizing Guide

  • Author
    gbpawar

  • View
    29

  • Download
    2

Embed Size (px)

DESCRIPTION

0. SAP NetWeaver Identity Management Sizing Guide

Text of 0. SAP NetWeaver Identity Management Sizing Guide

  • SAP NetWeaver Identity Management 7.1/7.2

    Released for SAP Customers and Partners

    Version 7.2 Rev 4, March 2012

    SIZING GUIDE

  • SAP AG Released for SAP Customers and Partners 2

    2012 SAP AG. All rights reserved.

    No part of this publication may be reproduced or transmitted in

    any form or for any purpose without the express permission of

    SAP AG. The information contained herein may be changed

    without prior notice.

    Some software products marketed by SAP AG and its

    distributors contain proprietary software components of other

    software vendors.

    Microsoft, Windows, Excel, Outlook, PowerPoint, Silverlight,

    and Visual Studio are registered trademarks of Microsoft

    Corporation.

    IBM, DB2, DB2 Universal Database, System i, System i5,

    System p, System p5, System x, System z, System z10, z10,

    z/VM, z/OS, OS/390, zEnterprise, PowerVM, Power

    Architecture, Power Systems, POWER7, POWER6+, POWER6,

    POWER, PowerHA, pureScale, PowerPC, BladeCenter, System

    Storage, Storwize, XIV, GPFS, HACMP, RETAIN, DB2

    Connect, RACF, Redbooks, OS/2, AIX, Intelligent Miner,

    WebSphere, Tivoli, Informix, and Smarter Planet are trademarks

    or registered trademarks of IBM Corporation.

    Linux is the registered trademark of Linus Torvalds in the

    United States and other countries.

    Adobe, the Adobe logo, Acrobat, PostScript, and Reader are

    trademarks or registered trademarks of Adobe Systems

    Incorporated in the United States and other countries.

    Oracle and Java are registered trademarks of Oracle and its

    affiliates.

    UNIX, X/Open, OSF/1, and Motif are registered trademarks of

    the Open Group.

    Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame,

    VideoFrame, and MultiWin are trademarks or registered

    trademarks of Citrix Systems Inc.

    HTML, XML, XHTML, and W3C are trademarks or registered

    trademarks of W3C, World Wide Web Consortium,

    Massachusetts Institute of Technology.

    Apple, App Store, iBooks, iPad, iPhone, iPhoto, iPod, iTunes,

    Multi-Touch, Objective-C, Retina, Safari, Siri, and Xcode are

    trademarks or registered trademarks of Apple Inc.

    IOS is a registered trademark of Cisco Systems Inc.

    RIM, BlackBerry, BBM, BlackBerry Curve, BlackBerry Bold,

    BlackBerry Pearl, BlackBerry Torch, BlackBerry Storm,

    BlackBerry Storm2, BlackBerry PlayBook, and BlackBerry App

    World are trademarks or registered trademarks of Research in

    Motion Limited.

    Google App Engine, Google Apps, Google Checkout, Google

    Data API, Google Maps, Google Mobile Ads, Google Mobile

    Updater, Google Mobile, Google Store, Google Sync, Google

    Updater, Google Voice, Google Mail, Gmail, YouTube, Dalvik

    and Android are trademarks or registered trademarks of Google

    Inc.

    INTERMEC is a registered trademark of Intermec

    Technologies Corporation.

    Wi-Fi is a registered trademark of Wi-Fi Alliance.

    Bluetooth is a registered trademark of Bluetooth SIG Inc.

    Motorola is a registered trademark of Motorola Trademark

    Holdings LLC.

    Computop is a registered trademark of Computop

    Wirtschaftsinformatik GmbH.

    SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign,

    SAP BusinessObjects Explorer, StreamWork, SAP HANA,

    and other SAP products and services mentioned herein as

    well as their respective logos are trademarks or registered

    trademarks of SAP AG in Germany and other countries.

    Business Objects and the Business Objects logo,

    BusinessObjects, Crystal Reports, Crystal Decisions, Web

    Intelligence, Xcelsius, and other Business Objects products

    and services mentioned herein as well as their respective

    logos are trademarks or registered trademarks of Business

    Objects Software Ltd. Business Objects is an SAP company.

    Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL

    Anywhere, and other Sybase products and services

    mentioned herein as well as their respective logos are

    trademarks or registered trademarks of Sybase Inc. Sybase

    is an SAP company.

    Crossgate, [email protected] EDDY, B2B 360, and B2B 360

    Services are registered trademarks of Crossgate AG in

    Germany and other countries. Crossgate is an SAP

    company.

    All other product and service names mentioned are the

    trademarks of their respective companies. Data contained

    in this document serves informational purposes only.

    National product specifications may vary.

    These materials are subject to change without notice. These

    materials are provided by SAP AG and its affiliated companies

    ("SAP Group") for informational purposes only, without

    representation or warranty of any kind, and SAP Group shall not

    be liable for errors or omissions with respect to the materials.

    The only warranties for SAP Group products and services are

    those that are set forth in the express warranty statements

    accompanying such products and services, if any. Nothing herein

    should be construed as constituting an additional warranty.

    Documentation in the SAP Service Marketplace

    You can find this documentation at the following address: http://service.sap.com/sizing

  • SAP AG Sizing SAP NetWeaver Identity Management - SAP Customers and Partners 1

    TABLE OF CONTENTS

    1 INTRODUCTION ................................................................................................................................... 2 1.1 FUNCTIONS OF SAP NETWEAVER IDENTITY MANAGEMENT ................................................................ 2 1.2 ARCHITECTURE OF SAP NETWEAVER IDENTITY MANAGEMENT .......................................................... 2 1.3 FACTORS THAT INFLUENCE THE PERFORMANCE ................................................................................... 3

    2 SIZING FUNDAMENTALS AND TERMINOLOGY ........................................................................... 4 3 DEPLOYMENT OPTIONS SAP NETWEAVER IDENTITY MANAGEMENT ................................. 5

    3.1 IDENTITY CENTER SERVERS ................................................................................................................ 5 3.2 SYSTEM LANDSCAPES ......................................................................................................................... 5

    3.2.1 Size S Demo/development ........................................................................................................ 6 3.2.2 Size M Minimum production environment ................................................................................ 7 3.2.3 Size L Optimized for performance ............................................................................................ 7 3.2.4 Size XL Optimized for availability ............................................................................................ 8 3.2.5 Network Considerations ............................................................................................................. 8

    4 INITIAL SIZING FOR SAP NETWEAVER IDENTITY MANAGEMENT ........................................ 9 4.1 USAGE PATTERNS AND INFLUENCING FACTORS ................................................................................... 9 4.2 MINIMUM HARDWARE REQUIREMENTS FOR THE PRODUCTION LANDSCAPE ........................................ 10

    4.2.1 Sample for Microsoft SQL Server as the database system .......................................................... 10 4.2.2 Sample for Oracle as the database system ................................................................................ 11

    4.3 INITIAL SIZING ................................................................................................................................. 12 4.3.1 Database Server ....................................................................................................................... 12 4.3.2 Runtime Server......................................................................................................................... 13 4.3.3 User Interface Server ............................................................................................................... 13

    5 COMMENTS AND FEEDBACK ......................................................................................................... 13

  • SAP AG Sizing SAP NetWeaver Identity Management - SAP Customers and Partners 2

    1 Introduction This document provides initial sizing information for the SAP NetWeaver Identity Management. Precise recommendations for each customer will be determined on a case-by-case basis for each customers specific requirements. The SAP sales/support team, your internal IT department, and your hardware vendor can help to define the best configuration for your environment.

    The calculations must be considered as guidelines based on assumed average usage. If the end-results seem unrealistic, please contact SAP for further guidelines.

    1.1 Functions of SAP NetWeaver Identity Management The SAP NetWeaver Identity Management is a general purpose identity management application which provides the functions and services needed to integrate distributed identity data in the system landscape to efficient, heterogeneous identity lifecycle management. The prime objective is to centrally manage and keep all identity data within the enterprise up-to-date. You can use SAP NetWeaver Identity Management for processing identity information in a variety of ways, depending on your system landscape. Some typical identity management operations are:

    x Create and delete accounts (users). x Set password on an account. x Disable account, to prevent login. x Update/modify account, e.g. new telephone number, address or other user information. x Grant and revoke authorization to use a resource. x Create and delete group objects. x Add/remove users to/from groups.

    1.2 Architecture of SAP NetWeaver Identity Management SAP NetWeaver Identity Management consists of two components:

    x Identity Center The Identity Center is the primary component used for identity management. The Identity Center includes functions for identity provisioning (based on roles and rules, it will create accounts and give access rights in target applications), entry modifications, access right revoking, and deleting of entries, workflow, password management, logging, and reporting. It uses a centralized repository, called the identity store, to provide a uniformed view of the data, regardless of the datas original source. The Identity Center retrieves the data from these various repositories, consolidates it, transforms it into the necessary formats, and publishes it back to the various decentralized repositories.

    x Virtual Directory Server The Virtual Directory Server is a component provided by SAP NetWeaver Identity Management that acts as a single access point for clients retrieving or updating data in multiple data repositories, as it provides a uniformed view of the data in real-time. It logically presents information in a virtual directory tree. Different users and applications can, based on their access rights, get different views of the information. You can use the VDS, for example, to consolidate multiple repositories and then as a data source for the Identity Center. You then use Identity Center for provisioning and performing identity management functions.

    A more detailed architecture overview can be found in the document SAP NetWeaver Identity Management Operation Guide, available on the Help Portal or SDN.

  • SAP AG Sizing SAP NetWeaver Identity Management - SAP Customers and Partners 3

    1.3 Factors that influence the performance The actual system requirement in a production environment depends on variables like:

    x Total number of entries x Number of concurrent users x Number of transactions per day

    The complexity of the configuration also affects performance:

    x Complexity of the role hierarchy (depth and width) x Complexity of the tasks involved x Complexity of any SQL statements x Use of filters in access control (not recommended) x Number of members of roles, privileges and dynamic groups

  • SAP AG Sizing SAP NetWeaver Identity Management - SAP Customers and Partners 4

    2 Sizing Fundamentals and Terminology SAP provides general sizing information on the SAP Service Marketplace. For the purpose of this guide, we assume that you are familiar with sizing fundamentals. You can find more information at http://service.sap.com/sizing Sizing General Sizing Procedures. This section explains the most important sizing terms, as these terms are used extensively in this document.

    Sizing Sizing means determining the hardware requirements of an SAP application, such as the network bandwidth, physical memory, CPU processing power, and I/O capacity. The size of the hardware and database is influenced by both business aspects and technological aspects. This means that the number of users using the various application components and the data load they put on the server must be taken into account.

    Benchmarking Sizing information can be determined using SAP Standard Application Benchmarks and scalability tests (www.sap.com/benchmark). Released for technology partners, benchmarks provide basic sizing recommendations to customers by placing a substantial load upon a system during the testing of new hardware, system software components, and relational database management systems (RDBMS). All performance data relevant to the system, user, and business applications are monitored during a benchmark run and can be used to compare platforms.

    SAPS The SAP Application Performance Standard (SAPS) is a hardware-independent unit that describes the performance of a system configuration in the SAP environment. It is derived from the Sales and Distribution (SD) Benchmark, where 100 SAPS is defined as the computing power to handle 2,000 fully business processed order line items per hour. (For more information about SAPS, see http://www.sap.com/benchmark SAPS). Initial Sizing Initial sizing refers to the sizing approach that provides statements about platform-independent requirements of the hardware resources necessary for representative, standard delivery SAP applications. The initial sizing guidelines assume optimal system parameter settings, standard business scenarios, and so on.

    Expert Sizing This term refers to a sizing exercise where customer-specific data is being analyzed and used to put more detail on the sizing result. The main objective is to determine the resource consumption of customized content and applications (not SAP standard delivery) by comprehensive measurements. For more information, see http://service.sap.com/sizing Sizing Guidelines General Sizing Procedures Expert Sizing. Configuration and System Landscaping Hardware resource and optimal system configuration greatly depend on the requirements of the customer-specific project. This includes the implementation of distribution, security, and high availability solutions by different approaches using various third-party tools. In the case of high availability through redundant resources, for example, the final resource requirements must be adjusted accordingly.

    There are some "best practices" which may be valid for a specific combination of operating system and database. To provide guidance, SAP created the NetWeaver configuration guides (http://service.sap.com/instguides SAP NetWeaver).

  • SAP AG Sizing SAP NetWeaver Identity Management - SAP Customers and Partners 5

    3 Deployment Options SAP NetWeaver Identity Management

    The system landscapes described in the sections that follow provide guidelines for determining an initial sizing configuration.

    3.1 Identity Center servers In the description of the system landscapes, the following names are used to identify the different servers/components of the Identity Center.

    Server Name Description

    DB Database server The Identity Center database runs on this server.

    MC Management Console This component is used for configuration of the Identity Center.

    RT Runtime Components This can be one or more servers, where the Identity Center runtime engines are running.

    UI User Interface The Identity Management User Interface runs on SAP NetWeaver AS Java.

    3.2 System landscapes The system landscape for the Identity Center can look very different depending on the environment and the role of the installation. The next sections describe the following landscapes:

    x Small (S), Demo/development. x Medium (M), Minimum production environment. x Large (L), Optimized for performance. x Extra Large (XL), Optimized for availability.

  • SAP AG Sizing SAP NetWeaver Identity Management - SAP Customers and Partners 6

    3.2.1 Size S Demo/development This is the smallest possible scenario with all components installed on the same server:

    This configuration is ideal for demo, development and functional prototyping.

    DB/MC/RT/UI All components are running in the same environment

    No specific requirements for sizing other than minimum requirements for the database system and SAP NetWeaver AS Java.

    Make sure to reserve no more than half the amount of physical memory for the database to leave capacity for the runtimes.

  • SAP AG Sizing SAP NetWeaver Identity Management - SAP Customers and Partners 7

    3.2.2 Size M Minimum production environment In this scenario, each component is installed on a separate server:

    This scenario is used to set up a duplicate of the production environment, typically for testing and QA purposes. It has lower requirements on performance and availability. If desired, some of the components may be combined on the same server, for example Identity Management User Interface and Runtime Components.

    3.2.3 Size L Optimized for performance This is a production system optimized for performance of the runtime processing, but without clustering of the UI and DB servers:

    The components are installed on different servers, but in addition the RT server is duplicated.

    The servers with the Runtime Components are duplicated by setting up two or more servers with identical configurations. This will ensure high availability and load sharing of the processing. The Runtime Components can also be distributed to the servers with SAP NetWeaver AS Java.

  • SAP AG Sizing SAP NetWeaver Identity Management - SAP Customers and Partners 8

    3.2.4 Size XL Optimized for availability This is a production system with high availability and high performance:

    The components are installed on different servers, but in addition the servers are either clustered or duplicated.

    The database server must be clustered to ensure high availability of the data.

    The servers with SAP NetWeaver AS Java for the Identity Management User Interface must be clustered, to ensure high availability. Load-balancing must be handled separately.

    For SAP NetWeaver AS Java, see the Technical Infrastructure Guide SAP NetWeaver 7.0, https://websmp210.sap-ag.de/~sapidb/011000358700005531212005E.pdf.

    For Enhancement Package 1 for SAP NetWeaver Composition Environment 7.1, see for instance http://help.sap.com/saphelp_nwce711/helpdata/en/48/8fe37933114e6fe10000000a421937/frameset.htm.

    For SAP NetWeaver Composition Environment 7.2, see http://help.sap.com/saphelp_nwce72/helpdata/en/48/99d142ee2b73e7e10000000a42189b/frameset.htm.

    For SAP NetWeaver 7.3, see http://help.sap.com/saphelp_nw73/helpdata/en/48/8fe37933114e6fe10000000a421937/frameset.htm.

    The servers with the Runtime Components are duplicated by setting up two or more servers with identical configurations. This will ensure high availability and load sharing of the processing. The Runtime Components can also be distributed to the servers with SAP NetWeaver AS Java.

    3.2.5 Network Considerations The components/servers should be installed in one LAN with a backbone of 1 Gbps.

    The Identity Management User Interface is a Web Dynpro application deployed on a SAP NetWeaver AS Java. For information about the requirements for the network connection to this server, see Sizing SAP NetWeaver Composition Environment (http://service.sap.com/sizing, Sizing Guidelines, Solutions & Platforms) for details.

  • SAP AG Sizing SAP NetWeaver Identity Management - SAP Customers and Partners 9

    4 Initial Sizing for SAP NetWeaver Identity Management In this chapter, you find an initial sizing for SAP NetWeaver Identity Management. The sizing is based on assumptions. Please always check if assumptions and the resulting sizing requirements fit to your own sizing exercise.

    4.1 Usage Patterns and Influencing Factors Usage patterns influences how to size the solution. These are the main factors:

    x Number of entries (amount of data) x Number of managed users x Number of managed Business Roles x Number of Managed Technical Roles

    x Number of lookups (searches) x The expected number of interactions with the system, done by the end

    users/administrators

    x Number of changes x Average number of changes on entries

    x Number of simultaneous users x Number of users simultaneously entering the system using the Identity Management User

    Interface

    The table below shows how the different factors influence the sizing of the servers. When the factors in the first column increase, this will influence the sizing of each server.

    Parameters

    Servers

    DB RT UI

    Amount of data Disk - -

    Lookups CPU/Memory - Memory

    Changes Disk/CPU/Memory CPU/Memory CPU/Memory

    Simultaneous users CPU/Memory - CPU/Memory

  • SAP AG Sizing SAP NetWeaver Identity Management - SAP Customers and Partners 10

    4.2 Minimum Hardware Requirements for the Production Landscape

    4.2.1 Sample for Microsoft SQL Server as the database system The following table is a sample based on the following configuration, not a general recommendation:

    x 100 000 entries x Microsoft SQL Server 2005 as database system

    Server Minimum system requirements

    DB Microsoft Windows 2003 Server

    Memory >= 16 GB

    CPU >= 4 CPU (multi/single core) 2Ghz processor Example: Intel Core2 CPU 6600 @ 2.40 GHz

    Disk >= 500 GB

    Dedicated HA Server

    MC Microsoft Windows 2003 Server

    Memory >= 1 GB

    CPU >= 1 CPU 1Ghz processor

    Disk >= 1 GB

    RT Microsoft Windows 2003 Server

    Memory >= 3 GB

    CPU >= 2 CPU 2Ghz processor

    Disk >= 5 GB

    Two or more servers with identical configuration

    UI Microsoft Windows 2003 Server

    Memory >= 2 GB

    CPU >= 2 CPU 2Ghz processor

    Disk >= 150 GB, Requirements according to SAP NetWeaver AS Java

    Two or more servers in a cluster

  • SAP AG Sizing SAP NetWeaver Identity Management - SAP Customers and Partners 11

    4.2.2 Sample for Oracle as the database system The following table is a sample based on the following configuration:

    x 100 000 entries x Oracle as database system

    Server Minimum system requirements

    DB Unix 64-bit/Microsoft Windows 2003 Server

    Memory >= 16 GB

    CPU >= 4 CPU (multi/single core) 2Ghz processor Example: Intel Core2 CPU 6600 @ 2.40 GHz

    Disk >= 500 GB

    Dedicated HA Server

    MC Microsoft Windows 2003 Server

    Memory >= 1 GB

    CPU >= 1 CPU 1Ghz processor

    Disk >= 1 GB

    RT Unix 64-bit/Microsoft Windows 2003 Server

    Memory >= 3 GB

    CPU >= 2 CPU 2Ghz processor

    Disk >= 5 GB

    Two or more servers with identical configuration

    UI Unix 64-bit/Microsoft Windows 2003 Server

    Memory >= 2 GB

    CPU >= 2 CPU 2Ghz processor

    Disk >= 150 GB, Requirements according to SAP NetWeaver AS Java

    Two or more servers in a cluster

  • SAP AG Sizing SAP NetWeaver Identity Management - SAP Customers and Partners 12

    4.3 Initial Sizing If further throughput requirements of your productive system are available, you can create a more precise sizing for CPU, memory and disk. In the case of SAP NetWeaver Identity Management, you will find sizing formulas that you can use to calculate your sizing requirements.

    Please note: If your sizing result exceeds 40 000 SAPS, please contact SAP.

    Variable Description

    ANT Average Number of action Tasks towards target systems (including the identity store). Typically 5.

    APE Audit per Entry. (Average Size in Kb of the audit log for one user. The audit log includes information about tasks executed on the user. Typically 1 kb).

    MKA Months to Keep Audit

    NCM Number of Changes pr Month

    NIO Peak Number of Operations per Hour on Identity Store

    NOE Number of Entries

    NOR Number of Revisions of historical user data

    NOS Number of Connected Systems

    NPO Peak Number of updates (per hour) to the identity store leading to Provisioning. Updates can come from the Identity Management User Interface, a job and an action task.

    NPPE Peak number of Entries to be Processed in Parallel (per hour).

    If one user is provisioned into two different systems, this counts as two operations.

    Note that this number does not take into account the time spent on the system being provisioned to.

    SCE Size of Content per Entry in MB. This number may vary depending on which attributes are stored on each entry. The number will be higher when including for instance pictures or other binary attributes.

    TEPH Peak Task Executions per Hour

    4.3.1 Database Server

    4.3.1.1 CPU

    The needed SAPS for Peak Task Executions per Hour (TEPH). Therefore, the following formula can be applied:

    TEPH = ((NPO*NOS) + NIO) * ANT SAPS = TEPH * 0,42

    Example: 500 users should be provisioned into three different systems within 1 hour. In this case, SAPS can be calculated as following:

    TEPH = ((100*3) + 500) * 5 TEPH = 4000 SAPS = 4000 * 0,42 SAPS = 1680

  • SAP AG Sizing SAP NetWeaver Identity Management - SAP Customers and Partners 13

    4.3.1.2 Memory

    This will be the same as the memory requirements for the database system and should be available in the documentation for the database system itself.

    4.3.1.3 Disk

    Disk usage must be calculated for different types of information:

    x Operational information This is all the current and pending values of attributes and configuration data.

    x Historical information This is previous values of the attributes.

    x Audit data and logs Operational information

    Disk_Operational = NOE * SCE

    Example: 10000 * 0,5 MB = 5 GB Historical information

    Disk_History1 = NOE * SCE * NOR

    Example: 10000 * 0,5 MB * 3 = 15 GB Audit and Logs

    Disk_Audit = APE * NCM * MKA

    Example: 1 KB * 10000 * 12 = 120 MB

    4.3.2 Runtime Server

    4.3.2.1 CPU

    For an example, please see the CPU calculation for the database server.

    4.3.2.2 Memory

    Memory = (SCE * NPPE) * 1000

    Example: (0,5 MB * 10000) = 5 GB

    4.3.2.3 Disk

    The required disk space can be calculated based on the size of the installed software and disk space needed for memory cache.

    Example:

    Installed software: 150MB

    Memory cache: See the guideline for the operating system for details about memory caching

    The total disk space required will be the sum of these two.

    4.3.3 User Interface Server Sizing of this server can be based on the sizing of the SAP NetWeaver AS Java on which the Identity Management User Interface is deployed. See http://service.sap.com/sizing, Sizing Guidelines for details.

    5 Comments and Feedback Both are very welcome; please send them to Identity Management Support (Component BC-IAM-IDM).

  • SAP AG Sizing SAP NetWeaver Identity Management - SAP Customers and Partners 14

    SAP NetWeaver Identity Management Sizing GuideTable of Contents1.1 Functions of SAP NetWeaver Identity Management1.1 Functions of SAP NetWeaver Identity Management1.2 Architecture of SAP NetWeaver Identity Management1.3 Factors that influence the performance3.1 Identity Center servers3.2 System landscapes3.2.1 Size S Demo/development3.2.2 Size M Minimum production environment3.2.3 Size L Optimized for performance3.2.4 Size XL Optimized for availability3.2.5 Network Considerations

    4.1 Usage Patterns and Influencing Factors4.2 Minimum Hardware Requirements for the Production Landscape4.2.1 Sample for Microsoft SQL Server as the database system4.2.2 Sample for Oracle as the database system

    4.3 Initial Sizing4.3.1 Database Server4.3.2 Runtime Server4.3.3 User Interface Server