Introduction

This document is a guideline for sizing your IDHub instance. It is intended as a reference only, for the Enterprise Architecture and Implementation teams who are planning an IDHub deployment.

IDHub is built on a micro-service architecture, and your instance will be deployed in containers. This lets the instance scale rapidly with your performance needs.

The micro-services and the underlying container manage the orchestration of provisioning, reconciliation of identity and account profiles, roles and entitlements, workflow processing, and administration.

The instance uses micro-services, REST APIs, SCIM, and other technologies to interact with end users, target systems, and its identity repository.

Performance must be maintained for the IDHub instance to function within expected service level agreements (SLAs) and provide the desired functionality. As a result, while sizing and procuring hardware, architects need to factor in the additional hardware, which is explained in detail below.

This document is divided into two sections: functional factors and non-functional factors.

Functional Factors

The functional factors are a list of functions and ongoing processes. We break down the functional factors to give a clear view of why the non-functional factors, such as the hardware requirements, are needed.

The functional factors are divided across the 3 types of IDHub subscription models: Free Trial, Teams, and Enterprise. To learn more about subscription model pricing, see the IDHub Pricing Page.

UI Client

The performance of the UI client is influenced by the number of concurrent users accessing the system. The container-based deployment typically helps scale and maintain performance. Concurrent user activity also affects the CPU and memory sizing for the IDHub instance.

The number of concurrent users is the total number of users who will be accessing IDHub at the same time. Based on the size of your organization, you can choose a specific subscription model.

Below is the ideal subscription model based on the number of users in the organization:

| Subscription Model | Free Trial | Teams (On-Premise) | Enterprise (On-Premise) |
| --- | --- | --- | --- |
| Total No. of users | 1-25 | 25-500 | 500+ |

Policy-Based Provisioning

Access policies and group membership are rules that grant or revoke accounts and entitlements in target systems or the user interface. This dynamic determination of policies can, at times, result in re-evaluating the entire user population. As a result, the numbers of users, user groups, provisioning policies, rules, and resources are important considerations.

Below is the ideal range of daily access requests for each IDHub subscription model:

| Subscription Model | Free Trial | Teams (On-Premise) | Enterprise (On-Premise) |
| --- | --- | --- | --- |
| Daily Access Requests | 1-10 | 10-200 | 200+ |

Reconciliation

Reconciliation is the process of comparing and synchronizing user account information in a target system with the IDM system or IDHub instance. It is used to create and/or update user and/or account profiles within IDHub, as well as in connected IDMs.

Reconciliation can be broadly defined as the following steps:

  1. Querying a target system for changes to a user account
  2. Extracting the user account information
  3. Creating reconciliation events for users that have a change identified
  4. Processing the change

Reconciliation of a large number of users can place resource constraints on the database. To ensure that reconciliation does not become an issue, the implementation must keep the following recommendations in mind:

  1. Run reconciliation during off-hours, when no other jobs or processes are running or competing for space and database resources.
  2. Run reconciliation in batches, i.e., consider setting filters.
  3. If required, consider setting up additional IDHub instances dedicated to processing reconciliation.
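
The four reconciliation steps and the batch/filter recommendation above, as an added example that is not IDHub code. The record shape, field names, event labels and function names are hypothetical, and the sample data is constructed.

```python
from itertools import islice

# Constructed sample data; the record shape and field names are hypothetical.
REPOSITORY = {  # identity repository: account id -> profile attributes
    "alice": {"status": "active", "dept": "eng"},
    "bob": {"status": "active", "dept": "sales"},
    "carol": {"status": "active", "dept": "eng"},
}
TARGET = [  # accounts as currently held by the target system
    {"id": "alice", "status": "active", "dept": "eng"},
    {"id": "bob", "status": "disabled", "dept": "sales"},
    {"id": "dave", "status": "active", "dept": "eng"},
    {"id": "erin", "status": "active", "dept": "sales"},
]

def query_target(accounts, in_scope, batch_size):
    """Steps 1-2: read the filtered accounts from the target in batches."""
    matching = (a for a in accounts if in_scope(a))
    while batch := list(islice(matching, batch_size)):
        yield batch

def build_events(batch, repository):
    """Step 3: create an event only for accounts with an identified change."""
    events = []
    for account in batch:
        attrs = {k: v for k, v in account.items() if k != "id"}
        known = repository.get(account["id"])
        if known is None:
            events.append(("CREATE", account["id"], attrs))
            continue
        delta = {k: v for k, v in attrs.items() if known.get(k) != v}
        if delta:
            events.append(("UPDATE", account["id"], delta))
    return events

def reconcile(accounts, repository, in_scope=lambda a: True, batch_size=2):
    """Run all four steps; returns the events that were processed."""
    processed, seen = [], set()
    for batch in query_target(accounts, in_scope, batch_size):
        seen.update(a["id"] for a in batch)
        for kind, acct_id, attrs in build_events(batch, repository):
            repository.setdefault(acct_id, {}).update(attrs)  # step 4
            processed.append((kind, acct_id, attrs))
    # Repository accounts inside the filter that the target no longer returns
    # are flagged for review, not deleted; out-of-scope accounts are left alone.
    for acct_id, attrs in repository.items():
        if acct_id not in seen and in_scope(attrs):
            processed.append(("MISSING", acct_id, {}))
    return processed
```

Running a filtered pass (for example only the "eng" accounts) touches fewer rows per job, and the scope check keeps accounts outside the filter from being reported as missing.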

Below is the count of reconciliation jobs per week that is ideal for each IDHub subscription model:

| Subscription Model | Free Trial | Teams (On-Premise) | Enterprise (On-Premise) |
| --- | --- | --- | --- |
| Reconciliation Jobs | 1-10 | 10-100 | 100+ |

Workflow & Request Processing

Deployments that match either of the following profiles should factor in the increased load while sizing the infrastructure:

  1. A medium to large user population with a large number of resources (10 or higher) that uses a complex workflow with multiple levels of approval, or determines the approval workflow based on business logic.
  2. A small to medium user population with complex workflow processes that make use of external rules or role management engines or external systems to drive the workflow.

Currently, IDHub provides out-of-the-box (OOB) workflows; counts of custom workflows and measurements are coming in future releases.

Other Considerations

To ensure the Identity Repository only contains the information required for its day-to-day operations, and to minimize the performance impact of running large processes or reports:

  1. Plan the retention duration of the reconciliation and workflow data in the Identity Repository. Best practices must be considered for archival processes to clean up the request and reconciliation history.
  2. Plan to archive audit and report data in an external store. It is recommended that archived data be stored in a database that is different from the Identity Repository, and is on a separate server.

Non-Functional Factors

The non-functional factors here are those that consume hardware according to the complexity of the task.

Below is the list of factors and hardware specifications that IDHub requires:

  • CPU
  • RAM
  • Disk Space
  • Network Bandwidth
  • Number of concurrent users
  • Number of Target systems 

CPU

  1. The CPU (Central Processing Unit) performs basic arithmetic, logic, controlling, and input/output (I/O) operations specified by the instructions in the program.
  2. A core can work on one task while another core works on a different task, so the more cores a CPU has, the more efficient it is.
  3. We divide the CPU requirement into three recommendations, one for each IDHub subscription model:

| Subscription Model | Free Trial | Teams (On-Premise) | Enterprise (On-Premise) |
| --- | --- | --- | --- |
| Recommended No. of CPU cores required | 8 | 16 | 24 |

RAM

  1. RAM (Random Access Memory) is the hardware in a computing device where the operating system (OS), application programs, and data in current use are kept, so they can be quickly reached by the device's processor.
  2. RAM is the main memory in a computer. It is much faster to read from and write to than other kinds of storage, such as a hard disk drive (HDD), solid-state drive (SSD), or optical drive.
  3. We divide the RAM requirement into three recommendations, one for each IDHub subscription model (in Gigabytes):

| Subscription Model | Free Trial | Teams (On-Premise) | Enterprise (On-Premise) |
| --- | --- | --- | --- |
| Recommended RAM | 24 GB | 32 GB | 40 GB |

Disk space

  1. Alternatively referred to as disk space, disk storage, or storage capacity, disk capacity is the maximum amount of data a disc, disk, or drive is capable of holding.
  2. There are several different storage devices available. For a seamless experience, we specifically recommend SSD drives or SSD-based VMs.
    1. A Solid-State Drive (SSD) is a solid-state storage device that uses integrated circuit assemblies to store data persistently, typically using flash memory, and functions as secondary storage in the hierarchy of computer storage. SSDs offer numerous advantages over the traditional mechanical HDDs, which have been used for decades.
    2. Speed is the primary benefit of SSDs, which deliver up to 100 times the performance of HDDs. This translates into faster boot times, quicker file transfers, and greater bandwidth for enterprise computing.
  3. We divide the storage requirement into three recommendations, one for each IDHub subscription model (in Gigabytes):

| Subscription Model | Free Trial | Teams (On-Premise) | Enterprise (On-Premise) |
| --- | --- | --- | --- |
| Recommended Disk storage | 100 GB | 150 GB | 250 GB |

Network bandwidth

  1. Network bandwidth is the maximum amount of data transmitted over an internet connection in a given amount of time.
  2. Bandwidth is often mistaken for internet speed, when it is actually the volume of information that can be sent over a connection in a measured amount of time, calculated in megabits per second (Mbps).
  3. We divide the network bandwidth requirement into three recommendations, one for each IDHub subscription model:

| Subscription Model | Free Trial | Teams (On-Premise) | Enterprise (On-Premise) |
| --- | --- | --- | --- |
| Network bandwidth | 50 Mbps | 200 Mbps | 300 Mbps |

Number of Target systems

  1. The number of target systems is the total number of applications that will need to be integrated into IDHub for your ongoing processes. We advise that you review your requirements for a seamless experience.
  2. If you find that you will need to integrate more applications, please see our IDHub Pricing Page for more information and options.
  3. We divide the required count of target systems into three recommendations, one for each IDHub subscription model:

| Subscription Model | Free Trial | Teams (On-Premise) | Enterprise (On-Premise) |
| --- | --- | --- | --- |
| Total No. of Target system integrations | 0-5 | 5-25 | 25+ |
