[38219] in Kerberos
Re: Determening the number of clients per KDC
daemon@ATHENA.MIT.EDU (Sergei Gerasenko)
Mon Apr 16 00:22:08 2018
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
From: Sergei Gerasenko <gerases@gmail.com>
In-Reply-To: <87sh7vbxge.fsf@hope.eyrie.org>
Date: Sun, 15 Apr 2018 23:21:51 -0500
Message-Id: <9A950C9B-FB47-45A0-A199-1C08175EEA6C@gmail.com>
To: Russ Allbery <eagle@eyrie.org>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Thanks for the quick response, Russ. Let’s say I run 1 worker process. How many clients can that sustain in the worst case scenario of all the clients trying to get a ticket? I need some way to quantify this. As for failover, I am planning to deploy a standby node.
> On Apr 15, 2018, at 11:13 PM, Russ Allbery <eagle@eyrie.org> wrote:
>
> Sergei Gerasenko <gerases@gmail.com> writes:
>
>> I’m planning an MIT KDC installation for a hadoop cluster consisting of
>> X clients with Y kerberized services each. The KDCs are rather powerful
>> machines with 64 cores and 125G of RAM. I want to get the most out of
>> this hardware and use the mininum number of KDCs required. Is there a
>> rule of thumb for situations like this?
>
>> For example, imagining X=300 and Y=10, can/should I run X*Y (3000)
>> workers to accomodate the worst case scenario when they all want to get
>> their tickets? Or can I assume that X*Y/2 will can handle that?
>
> For 3000 workers, you could probably run the KDC on a Raspberry Pi.
>
> Redundancy for outage tolerance is almost certainly going to be the
> limiting factor for number of KDCs in this situation unless you have way,
> way more clients getting tickets than that, or you're using really short
> ticket lifetimes, or you have some other unusual situation.
>
> --
> Russ Allbery (eagle@eyrie.org) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
