I recently attended Gartner IAM in San Diego and the topic of Cloud Computing permeated the titles of presentations throughout the conference. Eric Sachs, from Google gave a good presentation on applying IAM principles to applications in the cloud. RSA talked about network based security detection for companies leveraging the cloud. You might even argue, depending on your definition of the cloud, that Matthew Modica’s talk on using Sun Role Manager at Express Scripts was about using role management to help provide better security to cloud based services. However, despite the good content and dialogue it seems that there is still some room for clarification as this space evolves. The one thing that seemed obvious was that performance requirements for IAM infrastructure is going to continue to grow and be tested by this evolving space.
At Sun, we worry about performance requirements every day as our customers push our existing technologies with demanding performance requirements. Directory Server Enterprise Edition with it’s more than 10 years of experience in the market has had to deal with cloud based architectures in a number of ways. However, before we talk about how they intersect it is prudent for us to define the different types of clouds (prudent because there is still controversy over the definition of clouds). According to Wikipedia there are three different types of clouds: Public, Hybrid and Private.
Directory Server Enterprise Edition (DSEE) provides infrastructure for companies that primarily use private and hybrid clouds. In both the private and hybrid environments, these cloud based architectures reside in large enterprises using Directory Server to provide an authentication service for a portal and collaboration platforms for customer, employees and partner’s. Additionally, Telco’s and service providers have used DSEE to provide the identity backbone for private and hybrid clouds. In these deployments DSEE is used as the access and authentication layer and OpenSSO as the single-sign-on, federation or web services security layer. However, the most common use case that we see today is enterprises using DSEE as the identity backbone for the hybrid cloud environment. This is where companies are using federation or web services security on top of Directory Services to leverage Public Cloud services to extend the services they offer customers, employees and partners.
At the very least these architectures in cloud computing are pushing performance beyond traditional levels. This is also why we have seen a resurgence in interest in Directory Services. The Directory Server and specifically Sun’s Directory Server Enterprise Edition provides proven performance that enterprises can rely on as they build, experiment and deploy these new services. We continue to push our existing products and new versions of the product to get the best performance out of the platform. Terry Gardner, building off the great work Brad Diggs has done, recently published an example of this in his blog post to report performance results on a 13,800,000 user Directory using DSEE 5.2, Solaris 10 Update 7 using ZFS and Sun Netra x4250. The deployment provided some impressive performance results below (taken from Terry’s Blog here):
- 8,000 searches per second with simultaneous updates
- maximum 800 milliseconds for any single search
- minimum 70% CPU utilization (usr+sys)