3.8 Virtual Machine Requirements

The virtual machine must have enough resources. It needs to match the requirements that a physical machine has for the Access Manager component. To have performance comparable to a physical machine, you need to increase the memory and CPU requirements.

For the hard disk, RAM, and CPU requirements, each virtual machine should meet the following minimum requirements:

The following virtual machines are supported:

NOTE:SLES11 Linux Access Gateway supports only XEN full virtualization for the Access Manager 3.1 SP2 release.

The following sections contain a few installation tips for virtual machines:

3.8.1 Keeping Time Synchronized on the Access Manager Devices

Even when virtual machines are configured to use a network time protocol server, time does not stay synchronized because the machines periodically lose their connection to the NTP server. The easiest solution is to configure the Administration Console to use an NTP server and have the other devices use a cron job to synchronize their time with the Administration Console.

SLES 10: Add the following command to the /etc/crontab file of the device:

*/5 * * * *     root  /usr/sbin/ntpdate -u 10.20.30.108 >/dev/null 2>&1

Replace 10.20.30.108 with the IP address of your Administration Console.

SLES 11: The ntpdate command is not supported by SLES 11. You can use the sntp command in its place. Add the following command to the /etc/crontab file of the device:

*/5 * * * *   root   /usr/sbin/sntp -P no -r 10.20.30.108 >/dev/null 2>&1

Replace 10.20.30.108 with the IP address of your Administration Console.

3.8.2 How Many Virtual Machines Per Physical Machine

How you deploy your virtual machines can greatly influence Access Manager performance, especially if you run too many virtual machines on insufficient hardware. As a rough guideline, we recommend that you deploy only four Access Manager virtual machines on a single piece of hardware. When you start deploying more than four, the Access Manager components start competing with each other for same hardware resources at the same time. You can put as many other types of services as the machine can support, as long as they aren’t trying to use the same hardware resources as the Access Manager components.

The configured CPUs must match the hardware CPUs on the machine. Performance is drastically reduced if you allocate more virtual CPUs than actually exist on the machine.

Another potential bottleneck is IO. For best performance, each virtual machine should have its own hard disk, or you need a SAN that is capable of handling the IO traffic.

For example, if you have one 16-CPU machine, you get better performance when you configure the machine to have four Access Gateways with 4 assigned CPUs than you get when you configure the machine to have eight Access Gateways with 2 assigned CPUs. If the machines are dedicated to Access Manager components, you get better performance from two 8-CPU machines than you get from one 16-CPU machine.The setup really depends on your unique environment and finding the right hardware and virtualization configuration for your cluster.

.