Netegrity sponsored the testing
in this report. Mindcraft, Inc. conducted the performance tests
described in this report at Microsoft's test lab in Redmond,
Netegrity SiteMinder 4.61
with Microsoft Active Directory sets the standard for
Policy Server login performance on Windows 2000 with
37,251 logins per minute per CPU
Netegrity SiteMinder 4.61 with Microsoft Active
Directory now delivers the benefits, performance and
scalability of SiteMinder to servers running Microsoft
The performance results presented in this paper are
based on Mindcraft® tests using our AuthMark Benchmark
Login and Extranet Scenarios.
Login Scenario Results
The Login Scenario simulates users requesting and receiving the
first Web page at a protected Web site. It measures the combination
of one user authentication and one authorization for access to a
protected resource (called a Login). We report Logins/minute. The detailed
part of this paper explains the
Scenario more thoroughly.
Table 1 summarizes the Login Scenario
performance as a function of the SiteMinder Policy Server configuration
and the directory size. All of the Login
Scenario tests used one Policy Server; only the number of CPUs was
varied as shown in Table 1.
Each of the Login tests drove the SiteMinder Policy Server CPUs
as close as possible to 100% CPU utilization. The three networks we
used (load generators to Web servers, Web
servers to Policy Servers, and Policy Server to Active Directory server)
had enough bandwidth available that they were able to support the
highest load without limiting overall performance. Except for the
Login 1 test, all user credentials for the entries tested were
cached in the SiteMinder Policy Server.
Table 1: SiteMinder 4.61 Login Performance
* - Look at the
Detailed Login Results
in the second part of this for how this is computed.
The Login 1 and 2 tests show the performance benefit that caching
user credentials can bring. The two test configurations are
identical except for the use of a second CPU in the Active Directory
server for the Login 1 test, which was needed in order to
maximize the Policy Server performance. You can see that enabling
caching in the Login 2 test increases performance 1.95 times that of
the Login 1 test.
The Scaling Factor in Table 1 shows how SiteMinder's
performance scales as Policy Server CPUs are added for the Login 2,
3, and 4 tests (the gray shaded rows). Figure 1 shows
SiteMinder's performance for the Login 2, 3, and 4 tests by the
number of Policy Server CPUs.
SiteMinder Login Scalability for 1,000,000 Users
The Login 5 test used a directory with 20 million entries in it
and tested 1 million active users. Comparing performance for the
Login 5 test with that of the Login 4 test, which used a 1 million-entry directory and tested only 10% of the number of active users
used for the Login 5 test, you can see that SiteMinder continues to
deliver high performance even as the number of active users
increases by a factor of 10.
Extranet Scenario Results
The Extranet Scenario simulates customers or suppliers logging
into a private Web site and obtaining information they are authorized
to receive. It measures the combination of one user authentication and
10 authorizations for access to resources, 11 operations in all. The
Extranet Scenario, because it uses a more realistic mix of operations
than the Login Scenario,
provides a better basis for comparing access control and identity management
solutions. You can find a more complete description of the
Scenario in the detailed part of this paper.
The Extranet test was done with
SiteMinder configured to cache all active user credentials, as one
would do if the servers were on the inside of a private network with
firewalls to protect access to systems that store passwords and
other sensitive information.
Table 2 shows the Extranet Scenario performance
metrics. We used a single directory server with one CPU for this
Table 2: SiteMinder 4.61 Extranet
The benchmark results lead us to conclude that:
- SiteMinder 4.61 with Microsoft Active Directory
sets the per CPU performance standard for 1,000,000-user
directories against which other Windows 2000 Policy Server-based
products will be measured.
- SiteMinder 4.61 on Microsoft Windows 2000 using Active Directory
demonstrates the performance required to support 20,000,000
- The SiteMinder 4.61 Policy Server on Windows 2000 delivers
outstanding scalability across four processors.
Mindcraft certifies that the results reported herein accurately represent
the performance of Netegrity SiteMinder 4.61 with Microsoft Active
running on servers using Microsoft Windows 2000 configured as specified and as measured by AuthMark benchmark.
Our test results should be reproducible by others using the same
test lab configuration and
the same software configurations documented in this white paper.
The information in this publication is subject to
change without notice.
MINDCRAFT, INC. SHALL NOT BE LIABLE FOR ERRORS OR OMISSIONS CONTAINED
HEREIN, NOR FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES RESULTING FROM
THE FURNISHING, PERFORMANCE, OR USE OF THIS MATERIAL.
This publication does not constitute an endorsement
of the product or products that were tested. This test is not a
determination of product quality or correctness, nor does it ensure
compliance with any federal, state or local requirements.
Mindcraft is a registered trademark of Mindcraft,
Product and corporate names mentioned herein are
trademarks and/or registered trademarks of their respective companies.