.. Reminder for header structure: Parts (H1) : #################### with overline Chapters (H2) : ******************** with overline Sections (H3) : ==================== Subsections (H4) : -------------------- Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^ Paragraphs (H6) : """"""""""""""""""""" .. |date| date:: .. meta:: :description: Dimensioning a Samba Active Directory server :keywords: Documentation, Samba-AD, dimensioning .. _samba_server_dimensionning: ############################################ Dimensioning a Samba Active Directory server ############################################ *********************** Dimensioning the memory *********************** For testing purposes, a machine with about 1GB of RAM is sufficient. For a production setup, Tranquil IT recommends a minimum of 4GB of RAM, then 2GB per additional 1000 users. .. note:: The parameter that has the most influence on memory requirements is the number of simultaneous session openings. Indeed, for each login Samba will initiate a **smbd** process to serve the :file:`SYSVOL` directory for each user to download GPOs. Opening a large number of **smbd** processes in parallel can lead to memory saturation. Normally logging on and applying GPOs is fast and the user’s **smbd** process is quickly closed. However, if a GPO takes a long time to complete, the accumulation of **smbd** processes can saturate the RAM. ************************ Dimensioning the storage ************************ As far as disk space is concerned, 10GB is sufficient for domains with a few hundred users. Then, you will adapt your storage strategy according to your needs: * Log levels and log retention policy; * Use of images or avatars to identify users; * Number of users, machines and groups; ***************** Dimensioning CPUs ***************** As far as CPUs are concerned, for a few hundred users 4vcpus are sufficient, beyond that increase to 6vcpus. .. hint:: Some Samba processes are not multi-threaded, so increasing the number of CPUs will not increase performance. To balance the load, it is then necessary to create a second domain controller in replication with the first one and apply a load balancing policy at the client level. A Samba 4.11 Domain Controller can easily handle a load of 10,000+ users. The number of domain controllers required will therefore vary depending on several parameters: * 802.1x authentication in MSCHAPv2. * Number of third-party LDAP applications connected to the AD. * Quality of code of third-party LDAP applications connected to the AD. * Number of requests to fileservers. * Etc.