Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 8.0 LTS - Sizing Guide for SPS version 6.9

Central search capacity

Starting with SPS version 5 F6, it is possible to join multiple SPS nodes into a cluster, monitor their status, and update their configuration from a central location. Starting with version 5 F7, when you have a cluster of nodes set up, you have the possibility to search all session data recorded by all nodes in the cluster on a single node. This is achieved by assigning roles to the individual nodes in your cluster: you can set up one of your SPS nodes to be the Search Master and the rest of the nodes to be Search Minions. Search Minions send session data that they record to the Search Master, and the Search Master acts as a central search node.

Take note of the following capacity requirements when setting up your cluster for central search:

  • Only T10 appliances or similarly sized Virtual Appliances (VAs) are supported as Search Master nodes.
  • The Search Master node only provides search and reporting functionality and cannot be used to manage production SSH, RDP, and so on traffic.
  • At most, 8 appliances (of any kind) can be connected to a single Search Master node.
  • The network connection between the Search Minion nodes and the Search Master node must comply with the following requirements if the appliances are operated near their maximum capacity:
    • Must have at least 99.95% annual availability.
    • Must be able to support at least 10MB/sec sustained bandwidth.

    In case of an outage:

    • A one-time outage of up to 10 hours is handled without the disruption of traffic.
    • New connections are no longer accepted and existing connections start to be dropped if the outage is longer than 10 hours.
    • Recovery is automatic once the connection is re-established.

    When there is a smaller load on the system, these network requirements are different as more limited availability, smaller bandwidth, and more outage time are tolerated.

Sizing guidelines

In order to scale the appropriate SPS box, One Identity engineers need technical information from the customers including the following:

  • The number of concurrent connections going through SPS.
  • How many of the concurrent connections are controlled / monitored or just routed through SPS.
  • The protocols used for the listed connections.
  • The duration of an average working session.
  • The type of sessions that should be monitored, for example, system administrator's sessions, or remote scripted commands, or average end-users' sessions (for example, call center or bank employees).
  • The preferred screen size and – in the case of graphical sessions – the resolution of the working sessions.

Based on these details, One Identity engineers can recommend an appropriate deployment for you.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating