Implementation Guide › Performance Tuning › Data Tier Performance › User Store Capacity Planning › How to Estimate a Sustained User Directory Search Rate › Use Authentication Guidelines to Estimate Directory Searches › Case 2: Policy Design and User Directory Requests

Case 2: Policy Design and User Directory Requests

A company has configured four policies to protect the application portal, one of which is bound to a rule that fires upon a successful authentication.

The company uses the following formula to continue estimating the number of requests the Policy Server sends to the user directory to service the authentication load:

authentication_load * (percent_of_policies * number_of_searches) = requests_for_authentication

• authentication_load

  Specifies the number of daily authentications for the application.

• percent_of_policies

  Specifies the total number of enabled policies, represented as a percentage, that are:

  • bound to an onAuth rule
  • create the same number of user directory searches

  Example: Four enabled SiteMinder policies exist. One is bound to an OnAuth rule. This policy generates one user directory search to determine policy membership. Twenty–five percent of the enabled policies fire on authentication and generate one user store search. The remaining policies do not fire during authentication.

• number_of_searches

  Specifies the number of requests that the Policy Server makes to determine if the SiteMinder policy applies to each authenticated user.

• requests_for_authentication

  Specifies the number of user directory requests that the authentication load creates.

Result: 88,000 * 0.25 * 1 = 22,000 requests

The company uses this estimate to determine the total number of user directory requests required to service the daily authentication load.