LDAP: ACCESS & DATA ADMINISTRATION NEWSLETTER 4/23/05 DOUBLE ISSUE Topics: LDAP Server Performance: Benchmarks and Load Testing Issue Contents: * LDAP Server Performance: Benchmarks and Load Testing * Next Time: LDAP Server Performance: Certifications _______________________________________________________________ This newsletter is sponsored by Alessea Consulting. Business/IT Services for small and medium businesses. Specializing in network identity, project management, and business development. Visit us and read more about the Alessea difference. URL: <http://www.alessea.com>http://www.alessea.com Mail: <mailto:info@xxxxxxxxxxx>info@xxxxxxxxxxx RSS: <http://www.alessea.com/feed.xml>http://www.alessea.com/feed.xml Phone: 860-346-9121 _______________________________________________________________ By Hallett German Topic: LDAP Server Performance Part 1: Benchmarking and Certifications This is a new series about LDAP Server Performance. One that will take us through many topics such as server benchmarks/certifications, server sizing, capacity planning, and server optimization. We hope to provide you a good roadmap of the products and trends in these fields. This first article in the series will review LDAP server benchmarking and load testing software. There is SO much to cover we made this a double issue, so let's get started! LDAP BENCHMARKING In the ideal sense, benchmarking compares one software product to another. Unfortunately, the "winner" or "loser" has big sales and marketing share implications. So, one can always expect on every LDAP server's website to find the mandatory white paper on how their LDAP server outperformed their competitors. This white paper may be interesting to read but will not likely help in choosing the directory server which is best for you. To counter the claims of these white papers has been the growing availability of a rich software library of benchmarking and stress-testing tools. These tools build on the long history of the practices of capacity planning, and system/database/application performance analysis & optimization. In 1985, Mindcraft, Inc was formed in Los Gatos, California. It has a main mission of being a software testing library. But somewhere along the way, the company decided to make an effort to create and promote benchmarking standards. One of these was the DirectoryMark measurement metric born in 1998. The test executables to run these tests are free but the source code is not. Note that the code uses the Netscape SDK. There are available for Windows2000/3 and Solaris platforms. It should work with any LDAP version 2 or version 3 compliant directory. The 1.3 (latest version of DirectoryMark) says it works with Microsoft Active Directory on Windows 2000/2003, ADAM (Active Directory Application Mode). The 1.0 documentation provided a list of servers DirectoryMark was tested but it sorely needs an update. Mindcraft does not provide direct support but does have a Frequently Asked Questions (<http://www.mindcraft.com/directorymark/dirmarkfaq.html>http://www.mindcraft.com/directorymark/dirmarkfaq.html) and an on-line forum which seems fairly quiet. (Available at <http://pub86.ezboard.com/fperformancetestingandmarketingfrm2>http://pub86.ezboard.com/fperformancetestingandmarketingfrm2) The following steps are needed to get your benchmark test working: (This is based on the MS Windows instructions.) 1. Have a test directory Server available 2. Use the perl script dbgen.pl to load test data into your directory. An LDIF file is then created. 3. Import the LDIF into your directory server. 4. Create your test script(s) (containing the LDAP commands that you are going to use for testing) using the scriptgen perl script. 5. Create a directory to hold your test results. 6. Edit the DirectoryMark config file with the appropriate information to access your directory, script locations, result locations, etc. 7. Run at the MS Windows command prompt: DirectoryMark.exe config 8. Check the results 9. Rerun with a different script(s) Note that Mindcraft also produces certified performance reports which are thorough but not always for the current release. You can re-create these tests yourself by using the run rules (canned scripts) supplied with the product. We also encourage the user to read the article by Wang, Schulzrine, Kandlur and Verma referenced below. In the third article we will delve more into the measurements and analysis of benchmarking. LOAD GENERATORS There is a second class of tools that share of the aspects of LDAP server benchmarking but are primarily load generators. Load testing emphasizes performance rather than functionality. SLAMD (officially called the "SLAMD Distributed Load Generation Engine") seems to be a popular third-party choice. It was created by developers at Sun as a load testing tool that can be used to load test popular Internet Web protocols (such as HTTP, SMTP, IMAP, and POP.) The software is Java-based and open source. The SLAMD site provides mailing lists (<http://www.slamd.com/mailing-lists.shtml>http://www.slamd.com/mailing-lists.shtml), frequently asked questions (<http://www.slamd.com/faq.shtml>http://www.slamd.com/faq.shtml), and a futures list (<http://www.slamd.com/future-plans.shtml>http://www.slamd.com/future-plans.shtml) SLAMD also provides many other extras such as an Java-based API to customize testing, an embedded scripting engine for load testing, and a useful tool to capture LDAP sessions and convert them into a SLAMD script-compatible format. Note that HTML and command-line interfaces are provided. SLAMD has a rich library of documentation on the product's capabilities. Some recommendations include: Benchmarking the Sun One 5.2 Directory Server with SLAMD, and the Scripting Guide (especially the chapter on Interacting with LDAP servers) Microsoft, Novell and Sun all provide free load generators that work with their LDAP servers. Let us look at each of these: MICROSOFT -- ADTEST Microsoft offers an Active Directory Performance Testing Tool (ADTest.exe) that it recommends for Active Directory and AD/AM under Windows 2003 (and Windows 2000 if needed). To initiate ADTest.exe at the windows prompt, enter adtest -r testname. (-r stands for run). adtest -? lists all of the possible options. Some of the popular test names are the following: -adam (test ad/am), -mms (metadirectory), and -sam (sam -security accounts manager). Other setting are configuration/debugging settings for tests, and administrative operation tests. Using your own or the canned "adtest.ats" text configuration file, you can quickly create your own load testing scenarios. As an example, this file includes these tests -- l1_10attr, l1_20attr, l1_30attr. These tests search for 10-30 attributes depending which one you selected. Once you download this testing tool, do take the time to read through the included white paper for a review of tool capabilities and suggestions on possible tests to perform. NOVELL Novell seems to have many detailed Tech Notes and Knowledge Forums on performance testing but we were unable to find much information on the tools used in their whitepapers. (Please send us any info you may have on this and you will be mentioned in a future newsletter!) One Tech Note referred to DirectoryMark and searchrate (described below). There is no doubt that you can build your test suite based on the eDirectory SDK (<http://developer.novell.com/ndk/edirsdk.htm>http://developer.novell.com/ndk/edirsdk.htm) In our travels, we also found a nifty LDAP search benchmark tool. (<http://www.novell.com/coolsolutions/tools/1590.html>http://www.novell.com/coolsolutions/tools/1590.html) This product works from the GUI or command line interface. This was created by Richard Stubbs who last we heard was doing directory efforts at University of KwaZulu-Natal in South Africa. SUN --LDCLT AND SEARCHRATE Sun offers the powerful ldclt load testing tool as part of their Directory Server Resource Kit. (<http://docs.sun.com/source/816-6400-10/ldclt.html>http://docs.sun.com/source/816-6400-10/ldclt.html) To start the tool enter at the command line ldclt and the various options simulating your search, load, and test intervals (such as -a -- number of concurrent operations) -H/-h/-? lists all the available options and details. These tests can be very specific using the -e parameter (such as add,delete and other LDAP administrative operations). The result of this run will be various summary statistics which can be used as part of your analysis. Another common tool is searchrate (<http://docs.sun.com/source/816-6400-10/srchrate.html>http://docs.sun.com/source/816-6400-10/srchrate.html) measuring LDAP search performance. It will return statistics such as number of search operations performed. Other tools are also available to measure additional LDAP operations (<http://docs.sun.com/source/816-6400-10/ldapthreepart.html>http://docs.sun.com/source/816-6400-10/ldapthreepart.html) Next time, we take a brief aside looking at the LDAP server certification process before looking deeper at benchmarking. References: Here are some representative references: BENCHMARK TOOLS <http://www.novell.com/coolsolutions/tools/1590.html>http://www.novell.com/coolsolutions/tools/1590.html Benchmark LDAP query tester for LDAP servers <http://www.slamd.com/>http://www.slamd.com/ Open-source Java Application that can stress-test LDAP server workloads. Results are currently stored in a LDAP directory as well. <http://www.slamd.com/docs/benchmarking_ds52.pdf>http://www.slamd.com/docs/benchmarking_ds52.pdf How to Benchmark LDAP Servers with SLAMD tools <http://blogs.sun.com/roller/page/Ludo/20040906>http://blogs.sun.com/roller/page/Ludo/20040906 Blog summary of LDAP load-testing tools. <http://docs.sun.com/source/816-6400-10/contents.html>http://docs.sun.com/source/816-6400-10/contents.html Sun One Benchmarking and stress test tools <http://www.microsoft.com/downloads/details.aspx?FamilyID=4814fe3f-92ce-4871-b8a4-99f98b3f4338&DisplayLang=en>http://www.microsoft.com/downloads/details.aspx?FamilyID=4814fe3f-92ce-4871-b8a4-99f98b3f4338&DisplayLang=en Active Directory load testing tool (ADTest.exe) <http://www.novell.com/coolsolutions/tools/1590.html>http://www.novell.com/coolsolutions/tools/1590.html Utility to benchmark the speed of LDAP searches COMPARATIVE BENCHMARKS <http://www.isode.com/whitepapers/m-vault-benchmarking.htm>http://www.isode.com/whitepapers/m-vault-benchmarking.htm Isode versus Sun with detailed results <http://email.uoa.gr/docs/ldap/Measurement.pdf>http://email.uoa.gr/docs/ldap/Measurement.pdf A ground-breaking article by Wang, Schulzrine, Kandlur and Verma on how to measure and improve LDAP system performance and the measurement methodology as well <http://www.nwfusion.com/reviews/2000/0515rev2.html>http://www.nwfusion.com/reviews/2000/0515rev2.html The classic 2000 Network World article comparing LDAP servers Next Time: LDAP Server Performance: Part 2: Certifications Topic: Articles and Comments Welcome I welcome 100-800 word articles for inclusion in future issues. Vendors and LDAP data administrators are particularly welcome. Of course, you receive full credit and ownership of your article. Thanks in advance for your help. Please feel free to comment on how useful it was and what you would like to see in the future. Contact me at <mailto:hallett.german@xxxxxxxxxxx>hallett.german@xxxxxxxxxxxx ______________________________________________________________ About Hal German Hallett German has 20 years experience in a variety of IT positions and in implementing stable infrastructures. This includes directories/messaging architecture, desktop support, and IT management. Hal is the founder of the Northeast SAS Users Group and former President of the REXX Language Association. He is the author of three books on scripting languages. Periodically, he writes articles on various business and IT topics. ______________________________________________________________ Contacting Hal German/Past Issues Mail: <mailto:hallett.german@xxxxxxxxxxx>hallett.german@xxxxxxxxxxx Archive of the LDAP Administration Newsletter: <http://www.alessea.com/newsletters.htm>http://www.alessea.com/newsletters.htm _______________________________________________________________ Copyright Alessea Consulting 2005 _______________________________________________________________