Product Q&As
ForgeRock Identity Platform
Does not apply to Identity Cloud

Do ForgeRock products run on VMware?

Last updated Mar 15, 2022

The short answer is yes, they do. ForgeRock products can run very successfully on VMware provided you configure your VMware environment correctly.


Overview

A poorly configured or unstable Virtual Machine (VM) instance can lead to issues such as degraded performance, unresponsive servers and very high CPU usage. This is true for all products running on a VM and ForgeRock products are no exception.

VMware in particular offers several features that are known to cause high CPU usage:

  • vMotion

This feature automatically moves VMs from one physical host to another in response to alerts, such as the physical host reporting CPU, memory or disk saturation. It is enabled by default on all hosts in VMware. When the VM is moved, the Reverse Address Resolution Protocol (RARP) table is changed, but the existing replication connections between servers are left pointing at the old address. The Replication Server and Directory Server therefore keep trying to use a connection that will never succeed, which increases CPU usage. The existing replication connections will eventually time out and fail.

  • Snapshots

This is a feature that captures a live snapshot of the VM. This process typically makes the file system read-only during the snapshot, which is not recommended for high I/O applications (such as Directory Services) unless you completely stop the server first. 

  • Memory Ballooning

This is one of VMware's memory management strategies and involves reclaiming memory when the physical host is running low. In reality, this means the VM can consume more memory than has been allocated to it. When this happens, the VM pauses while the memory is being reallocated. Once the VM resumes, you will see a temporary spike in CPU while the server catches up (for example, on a Directory Services server, this would be things like replaying replication changes and purging the changelog). Once the server has caught up, CPU usage will subside to normal levels.

Successfully running on VMware

If you want to run ForgeRock products on VMware, you should heed the following advice to avoid known issues from the get-go:

  • Switch off the vMotion feature to prevent VMs being moved when servers are online.
  • Only perform snapshots when the ForgeRock product is offline.
  • Only move VMs when the ForgeRock product is offline and the VM is properly shut down.
  • Leave the Anti-Affinity feature enabled (this prevents two VMs of the same type residing on the same physical host).
  • Ensure each ForgeRock product resides on a separate physical host to prevent resource contention.
  • Ensure you have enough memory on all physical hosts.
  • Configure VMware to pre-allocate memory resources to prevent Memory Ballooning.
  • Tune your servers appropriately.
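
The checklist above expressed as an audit over a VM inventory, as an added example that is not ForgeRock or VMware code. The inventory records and their field names are constructed for illustration, and "pre-allocated" is assumed to mean a memory reservation equal to the VM's configured memory.

```python
from collections import defaultdict

# Constructed inventory. Field names are assumptions made for this example,
# not a VMware or ForgeRock export format.
INVENTORY = [
    {"name": "ds-1", "product": "DS", "host": "esx-a", "online": True,
     "auto_migration": False, "memory_mb": 16384, "reserved_mb": 16384,
     "snapshots_while_online": 0},
    {"name": "ds-2", "product": "DS", "host": "esx-a", "online": True,
     "auto_migration": True, "memory_mb": 16384, "reserved_mb": 4096,
     "snapshots_while_online": 1},
    {"name": "am-1", "product": "AM", "host": "esx-b", "online": True,
     "auto_migration": False, "memory_mb": 8192, "reserved_mb": 8192,
     "snapshots_while_online": 0},
    {"name": "idm-1", "product": "IDM", "host": "esx-b", "online": True,
     "auto_migration": False, "memory_mb": 8192, "reserved_mb": 8192,
     "snapshots_while_online": 0},
]


def audit(inventory):
    """Return sorted (subject, finding) pairs for settings the article warns about."""
    findings = set()
    by_host = defaultdict(list)
    for vm in inventory:
        by_host[vm["host"]].append(vm)
        # A VM that can be moved automatically while its server is online.
        if vm["online"] and vm["auto_migration"]:
            findings.add((vm["name"], "automatic migration enabled while online"))
        # Snapshots should only be taken with the product stopped.
        if vm["snapshots_while_online"] > 0:
            findings.add((vm["name"], "snapshot taken while product online"))
        # Assumption: a reservation below configured memory leaves room for ballooning.
        if vm["reserved_mb"] < vm["memory_mb"]:
            findings.add((vm["name"], "memory not fully pre-allocated"))
    for host, vms in by_host.items():
        products = [vm["product"] for vm in vms]
        if len(products) != len(set(products)):   # anti-affinity not honoured
            findings.add((host, "same-type VMs share a host"))
        if len(set(products)) > 1:                # resource contention risk
            findings.add((host, "different products share a host"))
    return sorted(findings)


if __name__ == "__main__":
    for subject, finding in audit(INVENTORY):
        print(f"{subject}: {finding}")
```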

See Also

VMware: vSphere vMotion

VMware: Overview of virtual machine snapshots in vSphere

VMware: Memory Balloon Driver

Very high CPU seen on ForgeRock products running on VMware


Copyright and Trademarks Copyright © 2022 ForgeRock, all rights reserved.