[38218] in Kerberos
Re: Determening the number of clients per KDC
daemon@ATHENA.MIT.EDU (Russ Allbery)
Mon Apr 16 00:13:37 2018
From: Russ Allbery <eagle@eyrie.org>
To: Sergei Gerasenko <gerases@gmail.com>
In-Reply-To: <1C73515B-D4F8-4D09-B6BE-860B897DC89A@gmail.com> (Sergei
Gerasenko's message of "Sun, 15 Apr 2018 23:06:04 -0500")
Date: Sun, 15 Apr 2018 21:13:21 -0700
Message-ID: <87sh7vbxge.fsf@hope.eyrie.org>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Sergei Gerasenko <gerases@gmail.com> writes:
> I’m planning an MIT KDC installation for a hadoop cluster consisting of
> X clients with Y kerberized services each. The KDCs are rather powerful
> machines with 64 cores and 125G of RAM. I want to get the most out of
> this hardware and use the mininum number of KDCs required. Is there a
> rule of thumb for situations like this?
> For example, imagining X=300 and Y=10, can/should I run X*Y (3000)
> workers to accomodate the worst case scenario when they all want to get
> their tickets? Or can I assume that X*Y/2 will can handle that?
For 3000 workers, you could probably run the KDC on a Raspberry Pi.
Redundancy for outage tolerance is almost certainly going to be the
limiting factor for number of KDCs in this situation unless you have way,
way more clients getting tickets than that, or you're using really short
ticket lifetimes, or you have some other unusual situation.
--
Russ Allbery (eagle@eyrie.org) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos