recommended configuration, a Proxy host can typically support up to 7,000 users and a Security Token Service (STS) host can typically support up to 15,000 users.
You can add further Proxy and STS hosts to support more users and to provide high availability. For a production environment, we recommend that you deploy an additional proxy host and STS host to provide high availability and protect against a single host failure. For
NOTE: If you are not proxying any applications, including the Cloud Access Manager portal, the number of Proxy hosts should match the number of STS hosts.
One Identity Cloud Access Manager contains a reverse proxy to provide Single Sign-On (SSO) to web applications that do not support federation, for example basic, NT LAN Manager (NTLM), header and form authentication. The reverse proxy is also used to allow secure access to internal web applications from the Internet. When you access a proxied application, all communication between the web browser and the application goes through the proxy for the entire session, not only for the authentication. For a production environment, we recommend that each proxy host has 9GB of physical memory and 8 processor cores across 2 CPUs.
A single proxy host can handle up to 12,000 concurrent connections. Modern web browsers typically use between 6 and 8 persistent HTTP connections when accessing an application. But during idle periods, such as when a user is reading, they will often reduce the number of connections to just a single connection, or even close all connections until the next user interaction. The browser can use each connection to send multiple HTTP requests to the application. The proxy will close a connection after either processing 100 HTTP
proxy host has 9GB of physical memory, with 6GB of this memory allocated to the Java virtual machine (JVM) used by the proxy.
NOTE: These figures are intended as guidelines. Different operating systems may require more or less RAM to be allocated to them to function effectively. For instance, 8GB RAM may be sufficient for a proxy running on Windows Server Core OS with 6GB allocated to the JVM heap.
4. You must restart the proxy service for this setting to take effect. To restart the proxy service, click the General tab and then click Restart.
NOTE: Memory consumption of the proxy can exceed the amount allocated to the JVM heap. This is because the JVM also allocates memory outside the heap for other purposes, such as a stack for each thread. Therefore, it is not unusual for the total memory used by the proxy to exceed the value allocated to the JVM heap by up to 10%.
For a production environment, the recommended default settings described below allow each proxy host to handle up to 12,000 concurrent, persistent HTTP connections.
To increase the number of concurrent HTTP connections:
Perform the following steps on the proxy host.
The following example will allow approximately 12,000 persistent HTTP connections. Run this command from a command prompt as an administrator. It is recommended to reboot after taking these steps.
You can see what the dynamic ports are currently set to with this command:
We recommend that the following minimum disk space requirements are observed. For further information on installation requirements, please refer to the document entitled One Identity Cloud Access Manager Installation Guide.
Table 1. Disk space requirements
|Disk Space||25GB||Proxy host.|
|Disk Space||50GB||STS host (Security Analytics Engine not operational)|
|Disk Space||50GB||STS host (Security Analytics Engine operational)|
NOTE: These recommended disk space values are intended as a general guideline. We suggest that you monitor disk space usage on all your servers to account for usage changes that occur, such as expanding log files (for example, from other applications such as IIS), a
For a production environment, we recommend that each Security Token Service (STS) host has 8GB of physical memory and 8 processor cores across 2 CPUs.
CPU and memory usage varies between the different authentication methods. Our stress testing has shown a single STS host can support between 12,000 and 18,000 users authenticating over a 30-minute period. Our recommended maximum of 15,000 is an average of the two. No special configuration is required on the STS hosts to support this number of users.
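The sizing figures on this page (7,000 users and 12,000 concurrent connections per Proxy host, 15,000 users per STS host, one extra host of each type for high availability, and matching Proxy and STS counts when nothing is proxied) can be combined into a single host-count estimate. The following is an added example, not part of the One Identity documentation; the function name, the `Plan` type and the peak-activity percentage are assumptions made for illustration.

```python
from dataclasses import dataclass

# Figures taken from this page.
USERS_PER_PROXY = 7_000    # users a Proxy host typically supports
CONNS_PER_PROXY = 12_000   # concurrent connections per Proxy host
USERS_PER_STS = 15_000     # recommended maximum users per STS host


@dataclass
class Plan:
    proxy_hosts: int
    sts_hosts: int
    proxy_bound: str  # which limit decided the Proxy host count


def ceil_div(a: int, b: int) -> int:
    return -(-a // b)


def plan_hosts(users: int, proxying_apps: bool = True,
               high_availability: bool = True,
               peak_active_percent: int = 15,
               conns_per_browser: int = 8) -> Plan:
    """Estimate host counts for a user population.

    peak_active_percent is an assumption: the share of users whose browsers
    hold their full set of connections at the same moment. conns_per_browser
    defaults to the upper end of the 6 to 8 range quoted on this page.
    """
    if users <= 0 or not 0 < peak_active_percent <= 100:
        raise ValueError("users must be > 0 and percent in 1..100")

    sts = ceil_div(users, USERS_PER_STS)

    # A Proxy host is limited both by user count and by open connections;
    # size for whichever limit is reached first.
    by_users = ceil_div(users, USERS_PER_PROXY)
    peak_conns = ceil_div(users * peak_active_percent, 100) * conns_per_browser
    by_conns = ceil_div(peak_conns, CONNS_PER_PROXY)
    proxy = max(by_users, by_conns)
    bound = "connections" if by_conns > by_users else "users"

    if high_availability:
        # One additional host of each type covers a single host failure.
        proxy += 1
        sts += 1
    if not proxying_apps:
        # Page NOTE: with nothing proxied, Proxy hosts match STS hosts.
        proxy, bound = sts, "matched to STS"
    return Plan(proxy, sts, bound)
```

With the default 15% peak activity the user limit decides the Proxy count; raising `peak_active_percent` shows the point at which the 12,000-connection limit becomes the constraint instead.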