DE v7.1 FAQ: Handling large numbers of users

Version 2

    Q: Has the number of users supported in pre-boot changed?

    The McAfee pre-boot environment has now been improved to support >5,000 users without perceptible performance degradation during pre-boot authentication. The previous limit was a maximum of 250 users inpre-boot. You can now safely provision all users to shared desktops enabling any user to use any system.

     

     

    Q: What is McAfee’s recommendation for the number of users assigned for pre-boot authentication?

    McAfee’s general recommendation remains unchanged. Only the minimum number of users should be assigned for pre-boot authentication. As few as possible.

     

     

    Q: Is there any penalty if I allow 5,000 users to log in at pre-boot on a single machine?

    Yes there is a penalty that is paid. Activation will take longer as it will need to download all of the information about the 5,000 users. Sync’ing user information will take longer, increasing the workload onthe ePO server.

     

    Also, other actions that include user information will take longer to process too. An example of this is Saving the Machine Information on a client, as it will also include user information.

     

     

    Q: Can this impact the scalability of my ePO server?

    Yes, most definitely. Your ePO server will be performing more work per ASCI to ensure that all of the information is up to date.

     

     

    Q: Give me an example, what happens if I have 100 systems that each has 5,000 users assigned?

    Let’s take the most common occurrence, a changed password. For a single user, that would be captured on one system, uploaded to ePO and then pushed down to the other 99 systems when they sync with ePO.

     

    Now we imagine that every 90 days you force users to change their passwords. On a bad day, you have 5,000 users update their password. That means that there will be 500,000 updates (5,000 users x 100 systems) that the ePO server will need to process at various times as the systems synchronize with ePO.

     

     

    Q: So there is also extra network traffic?

    That’s correct. All of this is handled across the network. Although individual user data is small (generally < 20kb) it will be multiplied out by the number of transactions. And if one of your systems has a slow link, it could take a considerable amount of time to receive all of the changes. If the server is handling user updates for many clients the network traffic could also be significant. In the worst case, it may not receive all of the updates in a single sync period.