Topology Considerations

Applies To: Forefront Identity Manager, Forefront Identity Manager 2010

You can deploy Microsoft® Forefront® Identity Manager (FIM) 2010 components on the same server or among multiple servers in multiple configurations. The topology that you select for your deployment affects the performance that you can achieve from FIM 2010. This section introduces multiple FIM 2010 deployment topologies that you may consider implementing.

Note

For additional information about FIM 2010 topologies, see Preinstallation and Topology Configuration.

Topological Components

You can run several FIM 2010 components on the same computer or distributed among multiple computers. The following table describes topology options for the FIM 2010 components.

| Component | Description | Topology options |
|---|---|---|
| FIM Portal | Interface for performing password resets, group management, and administrative operations | Host on the same computer as the other FIM 2010 R2 components, subdivide it onto a separate server, or expand to a Network Load Balancing (NLB) cluster |
| FIM Service | Web service that implements FIM 2010 R2 identity management functionality | Host on the same computer as the other FIM 2010 R2 components, place on a separate server, or implement an NLB cluster |
| FIM Synchronization Service | Synchronizes data with other identity stores | Host on the same computer as the other FIM 2010 components, or place on a separate server |
| Microsoft SQL Server | FIM Service and FIM Synchronization Service store their data in independent SQL databases | Host on the same computer as the other FIM 2010 components, place on a separate server, or implement a server cluster |

Multitier Topology

The multitier topology is the most commonly used topology. It offers the greatest flexibility. The FIM 2010 R2 Portal, FIM 2010 R2 Service, and databases are separated into tiers and deployed on multiple computers. This topology adds flexibility in scaling the different FIM 2010 R2 components. For example, you can scale the FIM 2010 R2 Portal horizontally by adding servers to an NLB cluster. Similarly, you can scale the FIM 2010 R2 Service by using an NLB cluster and by increasing the number of computers (nodes) in the cluster as needed.

In the multitier topology, a dedicated computer is allocated to host each SQL database (one for the FIM 2010 R2 Service and another for the FIM 2010 R2 Synchronization Service). You can increase the performance of the computers that host the SQL databases by adding or upgrading hardware, for example, by upgrading the CPUs, adding CPUs, adding or upgrading random access memory (RAM), or upgrading the hard drive configurations to increase read and write access and decrease latency.

Figure: FIM Multi-Tier Topology Example

In this configuration, the FIM 2010 R2 Synchronization Service and its database are hosted on the same computer. However, you should be able to achieve similar performance if there is a one-gigabit dedicated network connection between the FIM 2010 R2 Synchronization Service and its database when they are hosted on separate computers. For an example of a tested scenario illustrating the FIM 2010 R2 Synchronization Service hosted on the same computer as its database compared with a scenario in which the database and service are hosted on different computers, see Performance Testing FIM Service.

Multitier Topology with Multiple FIM Services

Synchronization of data with external systems can add a considerable load to the system and run over an extended period of time. If the synchronization configuration results in triggering policies with workflows, these policies contend for resources with end-user workflows. Such issues can be pronounced with authentication workflows, such as password resets, which are done in real time with an end user waiting for the process to complete. By providing one instance of the FIM 2010 R2 Service for end user operations and a separate portal for administrative data synchronization, you can provide better responsiveness for end-user operations.

Figure: FIM Multi-Tier Topology with Multiple FIM Services

As with the standard multitier topology, you can increase FIM 2010 R2 Portal performance by using an NLB cluster and by increasing the number of nodes in the cluster as needed.

The performance of the computers running SQL Server that host the FIM 2010 R2 Synchronization Service and the FIM 2010 R2 Service database will dramatically influence the overall performance of your FIM 2010 deployment. Therefore, follow the recommendations in SQL Server documentation for optimizing database performance. See the following documents for more information:

See Also

Concepts

FIM Synchronization Service Performance for Different Topologies
Capacity Planning Guide
Performance Testing FIM Service
Performance Testing FIM Synchronization