Mindcraft Certified Performance

Netegrity SiteMinder 4.61
with Microsoft Active Directory
AuthMark Performance

By Bruce Weiner
(PDF version, 63 KB)
 April 18, 2002

Contents

Executive Summary
Conclusions
Certification
 Login Details
Extranet Details
Test Methodology
   iLOAD MVP
   AuthMark
Server Set Up

Disclosure

Netegrity sponsored the testing in this report. Mindcraft, Inc. conducted the performance tests described in this report at Microsoft's test lab in Redmond, Washington.

Executive Summary

Netegrity SiteMinder 4.61 with Microsoft Active Directory sets the standard for Policy Server login performance on Windows 2000 with 37,251 logins per minute per CPU

Netegrity SiteMinder 4.61 with Microsoft Active Directory now delivers the benefits, performance and scalability of SiteMinder to servers running Microsoft Windows 2000.

The performance results presented in this paper are based on Mindcraft® tests using our AuthMark™ Benchmark Login and Extranet Scenarios.

Login Scenario Results

The Login Scenario simulates users requesting and receiving the first Web page at a protected Web site. It measures the combination of one user authentication and one authorization for access to a protected resource (called a Login). We report Logins/minute. The detailed part of this paper explains the Login Scenario more thoroughly.

Table 1 summarizes the Login Scenario performance as a function of the SiteMinder Policy Server configuration and the directory size. All of the Login Scenario tests used one Policy Server; only the number of CPUs was varied as shown in Table 1.

Each of the Login tests drove the SiteMinder Policy Server CPUs as close as possible to 100% CPU utilization. The three networks we used (load generators to Web servers, Web servers to Policy Servers, and Policy Server to Active Directory server) had enough bandwidth available that they were able to support the highest load without limiting overall performance. Except for the Login 1 test, all user credentials for the entries tested were cached in the SiteMinder Policy Server.

Table 1: SiteMinder 4.61 Login Performance

Test ID       Directory Size
(# entries tested)		 Logins/ Minute Logins/ Minute/ Total CPUs* Logins/ Minute/ Policy Server CPU Scaling Factor Number of Policy Server CPUs
Login 1 1 Million
(100,000 tested)		 19,074 2,725 19,074 N/A
1
Login 2 1 Million
(100,000 tested)		 37,251 6,209 37,251 -
1
Login 3 1 Million
(100,000 tested)		 61,216 5,565 30,608 1.64
2
Login 4 1 Million
(100,000 tested)		 97,769 6,518 24,442 2.62
4
Login 5 20 Million (1,000,000 tested) 81,586 4,079 20,397 N/A
4

* - Look at the Detailed Login Results in the second part of this for how this is computed.

The Login 1 and 2 tests show the performance benefit that caching user credentials can bring. The two test configurations are identical except for the use of a second CPU in the Active Directory server for the Login 1 test, which was needed in order to maximize the Policy Server performance. You can see that enabling caching in the Login 2 test increases performance 1.95 times that of the Login 1 test.

The Scaling Factor in Table 1 shows how SiteMinder's performance scales as Policy Server CPUs are added for the Login 2, 3, and 4 tests (the gray shaded rows).  Figure 1 shows SiteMinder's performance for the Login 2, 3, and 4 tests by the number of Policy Server CPUs.

Figure 1: SiteMinder Login Scalability for 1,000,000 Users

The Login 5 test used a directory with 20 million entries in it and tested 1 million active users. Comparing performance for the Login 5 test with that of the Login 4 test, which used a 1 million-entry directory and tested only 10% of the number of active users used for the Login 5 test, you can see that SiteMinder continues to deliver high performance even as the number of active users increases by a factor of 10.

Extranet Scenario Results

The Extranet Scenario simulates customers or suppliers logging into a private Web site and obtaining information they are authorized to receive. It measures the combination of one user authentication and 10 authorizations for access to resources, 11 operations in all. The Extranet Scenario, because it uses a more realistic mix of operations than the Login Scenario, provides a better basis for comparing access control and identity management solutions. You can find a more complete description of the Extranet Scenario in the detailed part of this paper.

The Extranet test was done with SiteMinder configured to cache all active user credentials, as one would do if the servers were on the inside of a private network with firewalls to protect access to systems that store passwords and other sensitive information.

Table 2 shows the Extranet Scenario performance metrics. We used a single directory server with one CPU for this test.

Table 2: SiteMinder 4.61 Extranet Performance

Directory Size
(# entries tested)		 Extranet
Operations/ Minute		 Extranet Operations/
Minute/
Total CPU		 Extranet Operations/ Minute/ Policy Server CPU
1 Million
(100,000 tested)		 161,192 11,514 161,192

Conclusions

The benchmark results lead us to conclude that:

  • SiteMinder 4.61 with Microsoft Active Directory sets the per CPU performance standard for 1,000,000-user directories against which other Windows 2000 Policy Server-based products will be measured.
  • SiteMinder 4.61 on Microsoft Windows 2000 using Active Directory demonstrates the performance required to support  20,000,000 users.

  • The SiteMinder 4.61 Policy Server on Windows 2000 delivers outstanding scalability across four processors.

Mindcraft Certification

Mindcraft certifies that the results reported herein accurately represent the performance of Netegrity SiteMinder 4.61 with Microsoft Active Directory running on servers using Microsoft Windows 2000 configured as specified and as measured by AuthMark benchmark.

Our test results should be reproducible by others using the same test lab configuration and the same software configurations documented in this white paper.

 Test Details and Analysis

NOTICE:

The information in this publication is subject to change without notice.

MINDCRAFT, INC. SHALL NOT BE LIABLE FOR ERRORS OR OMISSIONS CONTAINED HEREIN, NOR FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES RESULTING FROM THE FURNISHING, PERFORMANCE, OR USE OF THIS MATERIAL.

This publication does not constitute an endorsement of the product or products that were tested. This test is not a determination of product quality or correctness, nor does it ensure compliance with any federal, state or local requirements.

Mindcraft is a registered trademark of Mindcraft, Inc.

Product and corporate names mentioned herein are trademarks and/or registered trademarks of their respective companies.
             
Copyright © 2002. Mindcraft, Inc. All rights reserved.
Mindcraft is a registered trademark of Mindcraft, Inc.
Product and corporate names mentioned herein are trademarks and/or registered trademarks of their respective owners.
For more information, contact us at: info@mindcraft.com
Phone: +1 (408) 395-2404
Fax: +1 (408) 395-6324