User Objects ‐ General Performance Tips
EEPC can support thousands of users per group and per machine. That said, for performance and security
reasons, it is strongly recommended the numbers be kept to a minimum; assign fewer users to systems
limiting to those who really need access. For example, a number of setups from customers have some
administration/IT support users as well as individual users assigned to clients providing better security and
performance.
If enough care is taken and adequate planning is made, performance and security can be increased
considerably. Adding all users from large groups to all systems ‐ without basic planning ‐ is a bad idea. Adding
thousands of users is possible; however, this will use more storage space and cause synchronization events to
take much longer because each user is checked for updates during a synchronization. In addition, this can tie
up the Object Directory server spending many extra seconds or minutes servicing each client.
EEPC has excellent password synchronization across all the endpoint clients a user is assigned to. It is therefore
logical that adding thousands of users to each machine will add many more synchronization events across the
enterprise. This will put further strain on servers and networks.
To ease the strain, you can configure the resync properties to a less aggressive setting (from Endpoint
Encryption Manager see Machine Properties, Sync tab, Automatically resynchronize every x minutes option).
Change to several hours rather than the default 60 minutes, especially if you have many users assigned. Set it
to 240 minutes (4 hours) or 480 minutes (8 hours), or longer, depending on anticipated load and requirements
for security policy updates or audit gathering.
Many large deployments successfully use only the base sync event on boot up. Some also use the resync
option set to just less than a day, for example, 1200 (20 hours) to force at least one daily sync. This will ensure
policy changes are applied; it will catch any unattended systems or those users who do not wish to restart
often and ensure they do supply audit information.
23