Specifications
Large-scale deployment considerations
| 99
Large-scale deployment
considerations
This chapter briefly outlines some recommendations for large scale deployments of
Endpoint Encryption for Files and Folders. These are just general recommendations.
For your particular environment additional recommendations may apply. Please
consult your Endpoint Encryption representative if you have special considerations for
your environment.
The definition of a large-scale installation is any deployment with 1000 users and
above.
First-time logon
If many clients are deployed simultaneously and the systems are re-started such that
the clients all try to contact the database at the same time (e.g. due to the forced
logon) the response times may be quite long.
The reason for this is that for each user authenticating to the central database (i.e.
doing a logon), the directory infrastructure performs a name-to-id lookup. This
involves trawling the object directory to find the user object with a name attribute
which matches the one requested. Also, when a new object is created, a trawl of the
entire database is initiated to check that the new (e.g.) user is unique.
To remedy this situation, it is strongly recommended that name indexing is enabled in
the central object directory, see the next section for details.
Enable database name indexing
This operation significantly improves the response time when the clients communicate
with the Endpoint Encryption object directory. The name index creates a shortcut to
the name-to-ID lookup by periodically creating indexes of the name/id attributes of all
objects in the directory.
For further details about name indexing, please consult the Endpoint Encryption
Manager Administration Guide.
The following configuration values (in the file dbcfg.ini) are recommended:
[NameIndex]
Enabled=Yes
LockTimeout=3000
LockSleep=10
HashCount=32
MinEntrySize=16
LifeTime=0