OpenAM, OpenDJ Production Setup

Tagged: ,

This topic contains 2 replies, has 3 voices, and was last updated by  Bill Nelson 7 months ago.

  • Author
    Posts
  • #24550
     DhilipSwaminathan 
    Participant

    Hi,

    I am planning to setup production environment for OpenAM.
    I have 2 options to set it up.

    Option 1 (2 servers):

    Server 1: OpenAM1 + Opendj1
    Server 2: OpenAM2 + Opendj2

    Option 2 (4 servers):

    Server 1: OpenAM1
    Server 2: OpenAM2

    Server 3: OpenDJ1
    Server 4: OpenDJ2

    And both the openam would be behind AWS load balancer.

    Any suggestions would be much appreciated.

    #24551
     srinath.m 
    Participant

    Hi @dhilipswaminathan,

    In our prod env we are used option -2 i.e 4 servers OpenAM -2, OpenDJ -2.
    We noticed some issues like heap memory, Permgen error, outofmemory,High CPU errors where we used AM+DJ on same VM(we have this kind setup on other env’s like DEV/SIt/UAT).

    Hope it helps.
    Thanks,
    Srinath

    #24552
     Bill Nelson 
    Participant

    I am going to give you the answer that no one wants, but that is completely accurate – “it depends”.

    We, like @srinath-m, typically split these out into separate VMs, but not because of the issues that he relates.

    (@srinath-m, are you using the embedded version of DJ when you see this behavior? Because separate instances of AM and DJ use completely different JVMs. You should never see heap issues just because you install them both on the same VM unless you are using the embedded version of DJ and that is not recommended for CTS or the User Store for exactly the reasons you mention.)

    We split our instances off mainly because of the inherent differences between a web application (AM) and an ldap server (DJ, i.e. a database) – they are different beasts. You typically devote system resources (RAM, Disk, CPU) differently between these two. You also configure the OS differently for each type of instance. And the network requirements between the two may differ as well.

    So while we “typically” place these instances on separate servers, we do so for 1) scalability, 2) high availability, and 3) the ability to tune the environments independently in order to accommodate business needs. There are times, however, when we do place all instances on a single platform and they work just fine. So again, “it depends” on your needs.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?