I am looking for the maximum number of standard agents I can put on an AM8.2 server and if it matters if they are restricted/unrestricted (separate counts for both?)
What is the maximum number of users/tokens while we're at it?
No, but the discussions and patches over the past year focus on the number 50,000, because a few of our larger customers use this many Windows agents, which can auto-register but also can request offline authentication data, so there had to be some adjustments in the AM 8.2 server to handle all this, as well as updates in our agent code to randomize when they all ask for an automatic top off of offline days if online. If you are considering more than 50,000, we should probably discuss through a support case, but if you see 50,000 as a ceiling, you should be fine at AM 8.2 P5 or later and the newest agent build of v. 7.3.2 or the new 7.3.3 due very soon. If you need to run this many agents with AM 8.1 SP1, you should at least be at P15 and talk to support about a hot fix Engineering did for this version.
And even if you are at 10,000 or less agents, there are still a lot of reasons to be at the latest patches;
AM 8.1 SP1 P15 is your absolute minimum, anything less at this date is problematic
AM 8.2 P5
or AM 8.2 SP1, and get Patch1 when it comes out soon, as AM 8.2 SP1 was based on a code freeze of AM 8.2 P3, so is missing P4 &5
the other number bounced around is 1,000,000 users with SecurID tokens, hardware or software. I don't think there is a number for Risk Based Authenitcators, RBA, but I would expect that number to be much lower
Thank you, Jay! Most of our authentication passes through our ACS server, but we have our UNIX systems pointing directly at the AM. I suspect we will have far less than 50K of those agents, probably less than 10K. We are running 8.2SP1 and plan to keep it updated.
The Authentication request process is short and sweet, especially for non-Windows agents with no offline days, auto-registration or Windows Password integration, basically six 64-byte packets to and from either UDP port 5500 for Native SecurID (SDI as Cisco still calls us, they have been doing SID so long they still refer to us by our original name, Security Dynamics Inc.) or only two 64-byte packets if using RADIUS. If you want a primer on packet decodes for authentication traffic see attached PPTs
Retrieving data ...