[OTDev] OpenAM performance
Andreas Maunz andreas at maunz.deMon Jul 4 18:48:17 CEST 2011
- Previous message: [OTDev] OpenAM performance
- Next message: [OTDev] OpenAM performance
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
A pity we can't upgrade, I have nice scripts for import and export of databases and configs. Andreas "Luchesar V. ILIEV" <luchesar.iliev at gmail.com> schrieb: >On 07/04/2011 15:52, Vedrin Jeliazkov wrote: >>> Given your below results, the most important >>> step besides upgrading will be a real powerful LDAP service for >>> configuration store. >> >> Yes, this is simply a must. In fact I'm convinced that as long as we >> stick to the current rather resource demanding AA solution that we've >> designed and implemented, we should probably run it on bare hardware, >> not "in the cloud", in order to ensure satisfying performance. >Another >> important aspect would be fault tolerance (both OpenAM and OpenDJ >> support load-balancing, failover and federating but this needs to be >> investigated/tested further). In addition, for such a critical >> component such as AA it is often required to have multiple servers, >> running at different physical locations, to ensure proper level of >> availability. > >Hope you don't mind if I add yet another aspect: security. From this >standpoint, not only it's desirable to avoid virtualization (as the >added technical complexity means much less control), but it's even >better to deploy such services on dedicated hardware. > >Overall, a serious centralized AA system would require careful planning >starting from the very physical location where it would be deployed (it >should, obviously, allow for tight control of who and when has access >to >the hardware). And, as security is by definition a dynamic process, >never a static condition, that system would need constant attention: >monitoring, software management (at the very least, patching >regularly), >proactive protection and contingency preparedness. > >This, again, all speaks strongly in favour of a dedicated system. > >Best regards, >Luchesar >_______________________________________________ >Development mailing list >Development at opentox.org >http://www.opentox.org/mailman/listinfo/development -- http://www.maunz.de
- Previous message: [OTDev] OpenAM performance
- Next message: [OTDev] OpenAM performance
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Development mailing list