• Categories

  • AEM Security Implementation Choices

    By Francis Preston

    Well, you have done your research and have decided to move forward with the AEM Security, Digital Rights Management (DRM) implementation. Congratulations, a good choice so now your work really begins.


    There are a variety of choices and decisions that must be made to get things moving in the rights direction.


    1. What environment should you deploy the AEM server on?


    This is a good and sometimes difficult question. There is of course the decision based on what are the corporate standards, Windows or Linux servers, JBoss, WebLogic or WebSphere application servers and lets not forget MySQL, Oracle or MSSQL database server environments.


    It is safe to say that the Adobe AEM security will run reliably in all of these scenarios but are there other considerations that can affect this decision.


    In most cases it will be based on server load and desired performance. Of all of the options available it has been my experience that Windows, JBoss with either Oracle or Microsoft SQL yields the best results. This particular configuration is also the simplest to setup and deploy.


    That certainly does not prevent you from considering any of the available options. The overall differences are within 10% of each other performance wise.


    2.  Can you run in a Virtual Machine (VM) environment or should physical hardware be used?

    There is always a price running in a VM environment and the primary cost is performance. VM’s have come a long way over the last few years and many clients opt to run in a VM scenario successfully.  One of the key benefits is the ability to quickly stand-up a new environment.


    A couple of considerations for a VM choice would be how many other servers reside on a single VM server. This is important because a VM server shares it’s resources with all systems running in the environment. Assigning dedicated CPU’s and Memory can mitigate some of these issues. The single biggest issue is IO (input/output) read and writes to the drives. Again these are shared resources and are a clear bottleneck for performance.


    Clearly the ideal scenario is having dedicated physical machines available for your deployment. The benefits are dedicated CPU’s, Memory and read/write access in a dedicated environment. The primary negative is the base cost and getting the physical servers in place. 


    3. Can I scale up as the load increases?

    Scaling is a critical decision that needs to be made at the pre installation phase. In all cases yes, AEM Security can scale up using clusters of servers. In addition to handling larger loads, using clustering allows you to configure failover and load balancing.


    A typical basic implementation would involve a two-server cluster. This allows for both failover and load balancing. If the load increases to capacity you can add another server to the cluster.


    It is also important to note that if the implementation is mission critical and you are considering disaster recovery when considering failover you should also be looking at making sure your two environments are not co-located. This is true for physical and virtual environments.


    4. Can this be deployed in our existing network infrastructure?



    The short answer here is yes but there are many different configurations on infrastructure that have to be considered.


    In my experience we can accommodate virtually any potential scenario but it would take much more time than this article can cover. One of the key questions to ask is whether the DRM implementation is to be accessed by internal resources only or will it be necessary to provide external access to the DRM as well. Answering this question will provide a clear path to how we would need to approach the implementation architecture.


    There certainly are more questions related to getting all of the details of your implementation but these 4 are key to getting the basics sorted out and your servers installed.


    In our next article we will discuss configuration and what type of authentication you would likely use in various scenarios, like LDAP, Custom Authentication and external users.




    Need a hand?
    Contact Us