Minimum System Requirements

Every IDM Platform requires planning and preparation for successful implementation. This page provides you with guidance on how to implement IDHub successfully.

Post environment setup, perform additional steps before installation of IDHub

After assessing System Requirements, you need to perform certain pre-install steps mentioned below to make sure to have a smooth working experience of IDHub in your self hosted environment.

• Implementation Specifications
• Setting Up Your Servers
• Get IDHub

Additional Things to note:

• Make sure that the port used are correct

• Make sure you have a rollback plan in place.

---

Understanding Self Hosted Deployment Modalities

Overview

IDHub can be hosted by various deployment modalities, three are listed below:

Kubernetes Model

• Container Based Install
• Multi- Server
• Cloud Native
• Auto Scaling
• Highly Available

Choose this when:

• Deploying on large production environments
• Public Clouds Available - GCP, Azure, AWS

Bare Metal / Virtual Machine Install

• Non Container Based Install
• Expertise Required 
• Complex
• Sath has professional support services available to assist.

Choose this when:

• Container based infrastructure is unavailable
• Dedicated support team available

Contact Sath Consulting Services.

Currently, we will provide requirements for Docker based installation, which will then later be expanded to Kubernetes and VM Install.

---

Understanding Sample Architecture Infrastructure

IDHub enables you to manage access, provisioning, and de-provisioning of identities within the enterprise environment and into the Cloud.

• IDHub synchronizes with trusted sources of user information like LDAP stores or HRMS databases.

• IDHub runs in a container based environment; docker or Kubernetes, in a single-server or clustered modality.

• IDHub stores user profile information and historical and transactional data, in its internal database server, acting as an Identity Data Store.

• IDHub provides administrative and end-user functionalities via a web client interface, using secure communications.

• The various IDHub modules can be installed per the functionality desired.

Before you install IDHub, please read the Pre-requisites for Installing IDHub here Also identify the specific modules you are looking to work with.

The following diagram will illustrate high level architectural scenarios, which you can use to understand deployment options. Please note: these are examples, are not recommended deployment for your production environment, and neither reflect best practices. Please engage with Sath Consulting Services, for help with design specific to your environment.

[ - Represents an IDHub Connector.

Scenario: This is a sample architecture of a self-hosted IDHub, as a Hybrid System with the use of a separate server, connecting to cloud infrastructure, using SCIM Interface Ports, and connecting to existing IDM Infrastructure, using SHIM native API. 

---

Understanding instance sizing needs

Introduction

The following guide should be used by the Enterprise Architecture and Implementation Teams, who are planning their IDHub deployment as a reference only.

IDHub is built on micro-service architecture, and your instance will be deployed in containers. This helps to rapidly scale with your performance needs.

The micro-services and the underlying container, will manage the orchestration of the provisioning, reconciliation of identity and account profiles, roles and entitlements, workflow processing, and administration.

The instance uses micro-services, REST APIs, SCIM, and other technologies, to interact with the end-users, target systems, and with its identity repository.

Optimal performance maintenance is required for the IDHub instance to function within expected service level agreements (SLA), and provide the desired function. As a result, while sizing and procuring hardware, architects need to factor in the additional hardware which will be explained in detail below.

This document will be divided into two sections or factors; functional and non-functional factors:

Functional Factors

The functional factors are a list of functions and ongoing processes. We will breakdown the functional factors, in order to portray a clear view of the need for the non-functional factors, like the hardware requirements.

The functional factors will be divided into 3 types of IDHub subscription models:  Free Trial, Teams, and Enterprise.

UI Client

The performance of the UI client is influenced by the number of concurrent users accessing the system. The container-based modalities typically help scale and maintain performance. Concurrent user activity will also affect the sizing of CPU, and memory requirements for the IDHub instance.

The number of concurrent users is the total number of users who will be accessing IDHub at the same time. Based on your size, you can choose specific subscription models.

Below is the ideal subscription model based on the number of users in the organization:

Subscription Model -->	Free Trial	Teams (On-Premise)	Enterprise (On-Premise)
Total No. of users	1-25	25-500	500+

Policy-Based Provisioning

Access policies and membership to a group, are rules that grant or revoke accounts and entitlements in target systems, or the user interface. This dynamic determination of policies, can at times, result in reevaluating the entire user population. As a result, the number of users, user groups, provisioning policies, rules, and resources, are important considerations. 

Below is the ideal range of daily access requests that are present as per various subscription models of IDHub:

Subscription Model -->	Free Trial	Teams (On-Premise)	Enterprise (On-Premise)
Daily Access Requests	1-10	10-200	200+

Reconciliation

Reconciliation is a process of comparing and synchronizing user account information in a target system, with the IDM system or IDHub Instance. It is used to create and/or update user and/or account profiles within IDHub, as well as connected IDM’s.

Reconciliation can be broadly defined below:

1. Querying a target system for changes to a user account

2. Extracting the user account information

3. Create reconciliation events for users that have a change identified

4. Process the change

Reconciliation of a large number of users can place resource constraints on the database. To ensure that reconciliation does not become an issue, implementation must keep the following recommendations in mind:

1. Do reconciliation during off-hours when no other jobs or processes are running or competing for space and database resources.
2. Do batch reconciliations i.e. consider setting filters.
3. If required, consider setting up additional IDHub instances dedicated to processing reconciliation.

Below is the count of Reconciliation jobs per week that are ideal for various subscription models in IDHub

Subscription Model -->	Free Trial	Teams (On-Premise)	Enterprise (On-Premise)
Reconciliation Jobs	1-10	10-100	100+

Workflow & Request Processing

Deployments having:

1. Medium to large user population with a large number of resources (10 or higher) and use a complex workflow with multiple levels of approvals or determination of approval workflow based on business logic.
2. Small to medium user populations having complex workflow processes that make use of external rules or role management engines or external systems to drive workflow should factor in the increased load while sizing the infrastructure.

Currently, we have OOB Workflows, and count of Custom Workflows and measurements are coming soon in future releases.

Other Considerations

To ensure the Identity Repository only contains the information required for its day-to-day operations, and to minimize the performance impact of running large processes or reports:

1. Plan the retention duration of the reconciliation and workflow data in the Identity repository. Best practices must be considered for archival processes to clean up the request and reconciliation history.
2. Plan to archive audit and report data in an external store. It is recommended that archived data be stored in a database that is different from the Identity Repository, and is on a separate server.

Non Functional Factors

Non Functional factors here are the factors that will be using the hardware accordingly, as per the complexity of the task.

Below is the list of factors, as well as the hardware specifications, which are required in IDHub:

• CPU
• RAM
• Disk Space
• Network Bandwidth
• Number of concurrent users
• Number of Target systems 

CPU

1. The CPU (Central Processing Unit) performs basic arithmetic, logic, controlling, and input/output (I/O) operations specified by the instructions in the program.
2. A core can work on one task, while another core works a different task, so the more cores a CPU has, the more efficient it is.
3. We divide the type of CPU required into three different recommendations for IDHub subscription models:

Subscription Model -->	Free Trial	Teams (On-Premise)	Enterprise (On-Premise)
Recommended No. of CPU cores required	8	16	24

RAM

1. RAM (Random Access Memory) is the hardware in a computing device, where the operating system (OS), application programs, and data in current use are kept, so they can be quickly reached by the device's processor.
2. RAM is the main memory in a computer. It is much faster to read from and write to, than other kinds of storage, such as a hard disk drive (HDD), solid-state drive (SSD), or optical drive.
3. We will divide the RAM requirement into three different recommendations for IDHub subscription models (in Gigabytes):

Subscription Model -->	Free Trial	Teams (On-Premise)	Enterprise (On-Premise)
Recommended RAM	24 GB	32 GB	40 GB

Disk space

1. Alternatively referred to as disk space, disk storage, or storage capacity, disk capacity is the maximum amount of data a disc, disk, or drive is capable of holding.
2. There are several different storage devices available. For a seamless experience, we specifically recommend SSD drives/SSD based VM,s.
   1. A Solid-State Drive (SSD) is a solid-state storage device, which uses integrated circuit assemblies to store data persistently, typically using flash memory, and functioning as secondary storage in the hierarchy of computer storage. SSDs offer numerous advantages over the traditional mechanical HDDs, which have been used for decades.
   2. Speed is the primary benefit of SSDs, which delivers up to 100 times the performance of HDDs. This translates into faster boot times, quicker file transfers, and greater bandwidth for enterprise computing.
3. We will be dividing the storage requirement into three different recommendations for IDHub subscription models (in Gigabytes):

Subscription Model -->	Free Trial	Teams (On-Premise)	Enterprise (On-Premise)
Recommended Disk storage	100 GB	150 GB	250 GB

Network bandwidth

1. Network Bandwidth is the maximum amount of data transmitted over an internet connection, in a given amount of time.
2. Bandwidth is often mistaken for internet speed, when it's actually the volume of information that can be sent over a connection, in a measured amount of time ; calculated in megabits per second (Mbps).
3. We will be dividing the storage requirement into three different recommendations for IDHub subscription models:

Subscription Model -->	Free Trial	Teams (On-Premise)	Enterprise (On-Premise)
Network bandwidth	50 Mbps	200 Mbps	300 Mbps

Number of Target systems

1. The Number of Target systems is the total no of Applications that will need to be integrated into IDHub for your ongoing processes. We advise that you review your requirements for a seamless experience.
2. We will be dividing the count of the target systems required into three different recommendations for IDHub subscription models:

Subscription Model -->	Free Trial	Teams (On-Premise)	Enterprise (On-Premise)
Total No. of Target system integrations	0-5	5-25	25+

Need more help?

Folks at IDHub are ready to support you.

Ask the IDHub Team