Determening the number of clients per KDC

Sergei Gerasenko gerases at gmail.com
Mon Apr 16 00:21:51 EDT 2018


Thanks for the quick response, Russ. Let’s say I run 1 worker process. How many clients can that sustain in the worst case scenario of all the clients trying to get a ticket? I need some way to quantify this. As for failover, I am planning to deploy a standby node.

> On Apr 15, 2018, at 11:13 PM, Russ Allbery <eagle at eyrie.org> wrote:
> 
> Sergei Gerasenko <gerases at gmail.com> writes:
> 
>> I’m planning an MIT KDC installation for a hadoop cluster consisting of
>> X clients with Y kerberized services each. The KDCs are rather powerful
>> machines with 64 cores and 125G of RAM. I want to get the most out of
>> this hardware and use the mininum number of KDCs required. Is there a
>> rule of thumb for situations like this?
> 
>> For example, imagining X=300 and Y=10, can/should I run X*Y (3000)
>> workers to accomodate the worst case scenario when they all want to get
>> their tickets? Or can I assume that X*Y/2 will can handle that?
> 
> For 3000 workers, you could probably run the KDC on a Raspberry Pi.
> 
> Redundancy for outage tolerance is almost certainly going to be the
> limiting factor for number of KDCs in this situation unless you have way,
> way more clients getting tickets than that, or you're using really short
> ticket lifetimes, or you have some other unusual situation.
> 
> -- 
> Russ Allbery (eagle at eyrie.org)              <http://www.eyrie.org/~eagle/>




More information about the Kerberos mailing list