hardware recommendation to run MIT KDC

Marcus Watts mdw at spam.ifs.umich.edu
Tue Aug 28 15:53:58 EDT 2007 

Shivakeshav Santi <ss488 at cornell.edu> writes:
> Date:    Tue, 28 Aug 2007 10:33:40 EDT
> To:      krbdev at mit.edu
> From:    Shivakeshav Santi <ss488 at cornell.edu>
> Subject: hardware recommendation to run MIT KDC
> 
> HI,
> 
>      We have  an MIT KDC with roughly 350K records on an AIX machine(450 
> MHz power3-II processors). We are thinking of moving the KDC off AIX. Our 
> options are Solaris or Linux. Do you have any suggestions as to which one 
> would be more stable and on what kind of hardware ?
> 
> I have read that KDC as such can run on a machine with basic configuration. 
> Our current AIX machines are quite stable , but we have to move off of AIX 
> soon.
> So I am looking for a hardware & OS combination that would be stable and be 
> able to handle 350K (and growing ) records. Right now we have about a 
> million requests to KDC daily.
...

I'm not quite sure this is the right place to ask, but:

Your 450Mhz power3-II machines are probably (roughly) a fast pentium 3
in terms of speed.  No doubt much more solid physical construction, of
course.

UMICH.EDU has over 350K records, & currently lives on 4 machines,
of which the first sees the lopsided majority of kerberos requests.
On a recent day, the first machine issued 1778483 tickets.  All these
machines are Dell PowerEdge 1750's -- dual pentium4 @ 3 Ghz, 4Gb ram,
running linux.  These machines are probably overkill in terms of CPU but
certainly handle the job.  I think virtually any new machine you buy,
baring low-end specialized processors, will have an adequate capability
in terms of system capacity to be a kdc.  A portable laptop certainly has
some attractions in terms of space, power consumption, heat production,
& having a built-in ups.

Other hardware aspects you might consider include redundant power
supplies, raid support, and console device.  Certainly a kerberos kdc will
benefit from redundant power; the kerberos library does support multiple
hosts and failing over, but there will be some delay while this happens.
It's not a huge delay, and redundant power does require some discipline
in terms of overall power distribution.  Raid support can improve disk
reliability, but raid drivers and support software can be a hassle.
Console devices -- well, you already deal with this.  If you are used to
the serial console support in Sun sparcservers, you will be disappointed
at what passes for serial bios support in the intel world.  I didn't
mention backup hardware, but you should have some plan for backups.

So far as solaris vs. linux goes, I think this depends more on your
local support capabilities and desires than any technical qualification.
Traditionally, solaris cost and came with commercial support but no
source; linux came free with source but limited support.  Today, you can
pay for linux support, and you get solaris source for free, so the choice
is certainly more complicated.  It will probably always be the case that
linux will run on a greater range of hardware, and have a greater range
of available software.  Neither of these are particularly relevant for
installing a kdc.

					-Marcus Watts

More information about the krbdev mailing list