2.8 Virtual Machine Requirements

The virtual machine must have enough resources. It needs to match the requirements that a physical machine has for the Access Manager component. To have performance comparable to a physical machine, you need to increase the memory and CPU requirements.

For the hard disk, RAM, and CPU requirements, each virtual machine should meet the following minimum requirements:

  • 100 GB of disk space

  • 4 GB RAM

  • 2 CPUs

The following virtual machines are supported:

  • VMware ESX Server version 3.5 or later

  • Xen Virtualization on SUSE Linux Enterprise Server 10 SP2 or later

NOTE:SLES11 SP1 and SP2 Access Gateway does not support XEN para virtualization for the Access Manager 3.2 release.

The following sections contain a few installation tips for virtual machines:

2.8.1 Keeping Time Synchronized on the Access Manager Devices

Even when virtual machines are configured to use a network time protocol server, time does not stay synchronized because the machines periodically lose their connection to the NTP server. The easiest solution is to configure the Administration Console to use an NTP server and have the other devices use a cron job to synchronize their time with the Administration Console.

SLES 11 SP2 or SP3: The ntpdate command is not supported by SLES 11 SP2 or SP3. You can use the sntp command in its place. Add the following command to the /etc/crontab file of the device:

*/5 * * * *   root   /usr/sbin/sntp -P no -r >/dev/null 2>&1

Replace with the IP address of your Administration Console.

NOTE:The time keeping for SLES 11 SP2 or SP3 is also applicable for Access Gateway appliance if XEN Full Virtualization is used.

2.8.2 How Many Virtual Machines Per Physical Machine

How you deploy your virtual machines can greatly influence Access Manager performance, especially if you run too many virtual machines on insufficient hardware. As a rough guideline, we recommend that you deploy only four Access Manager virtual machines on a single piece of hardware. When you start deploying more than four, the Access Manager components start competing with each other for same hardware resources at the same time. You can put as many other types of services as the machine can support, as long as they aren’t trying to use the same hardware resources as the Access Manager components.

The configured CPUs must match the hardware CPUs on the machine. Performance is drastically reduced if you allocate more virtual CPUs than actually exist on the machine.

Another potential bottleneck is IO. For best performance, each virtual machine should have its own hard disk, or you need a SAN that is capable of handling the IO traffic.

For example, if you have one 16-CPU machine, you get better performance when you configure the machine to have four Access Gateways with 4 assigned CPUs than you get when you configure the machine to have eight Access Gateways with 2 assigned CPUs. If the machines are dedicated to Access Manager components, you get better performance from two 8-CPU machines than you get from one 16-CPU machine.The setup really depends on your unique environment and finding the right hardware and virtualization configuration for your cluster.


2.8.3 Which Network Adapter to be used for VMWare ESX

Use the E1000 network adapter for NetIQ Access Manager installation on VMWare ESX.