ConfigMgr 2007 Distribution Points Load Testing
At Microsoft, we have 280,000+ client machines that are managed worldwide and in our past life we were planning to scale our service to other companies client machines as well. As part of the platform team responsible for ensuring that our ConfigMgr 2007 infrastructure could scale to support hundreds of thousands of clients (and even millions), we had to find a way to solve a rather non-trivial mechanism for testing our Distribution Points (DP) to ensure they could effectively manage the connections thrown at them by the CCMEXEC (SMS) client agent.
In the next 3 to 4 posts, I’m going to outline how we creatively came up with a mechanism to generate load testing against our DPs. The one caveat is this load testing is only for HTTP-based traffic that is unsecure (Mixed-mode) or secure (Native mode).
Let’s get started…
Required Tools
In this first post, I want to share with you what applications we used in order to do this testing and the reason we selected these tools. The following table lists the tools we used to build this functionality:
Tool | Purpose |
Visual Studio 2005/2008 | In order to generate load, we wrote code (CertPicker) that would grab randomly from directory certificates stored in PFX format and load the certificate and delete it after using it. These certificates were generated from a trusted Certificate Authority for the DP (NOTE: This is only needed if you are running ConfigMgr 2007 in Native Mode) |
ConfigMgr 2007 DP | Obviously, you need a DP in as this is the purpose of the load testing. However, you will need to have a valid set of packages (we used various sizes) that are created and already replicated to your DPs |
Visual Studio Team System 2008 | There are a number of HTTP-based load testing toolsets out on the market but the most comprehensive and flexible is, in my opinion, the Visual Studio Team System. This edition allows you to create Web and Load tests and automatically tracks the performance of your DP and reports this to you. Beyond that, you can easily store them in a database for metric reporting at a later date. |
Certificate Authority | For ConfigMgr 2007 Native-Mode, you will need to have a Certificate Authority who has a valid client certificate template available to create certificates. Ideally, you would create a number of certificates that are automatically exported to a PFX file for use by your load test. |
Part I: Compile your CertPicker Code
There are two methods to actually use CertPicker and I’m including source for both of them. The first is an assembly that can be resourced in your Web tests (see future post to understand this concept) but you can also use it as part of a Console application (Command-Line).
Assembly:
Code Snippet
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Cryptography.X509Certificates;
using System.IO;
namespace CAdCertPicker
{
public class CertPicker
{
private string _certLocation;
private static Random _rand = new Random((DateTime.Now.Minute ^ DateTime.Now.Millisecond) * DateTime.Now.Second);
public CertPicker(string certLocation)
{
if (string.IsNullOrEmpty(certLocation))
{
throw new ArgumentNullException("certLocation");
}
_certLocation = certLocation;
}
public X509Certificate2 GetRandomCertificate(string certPassword)
{
return GetRandomCertificate(_certLocation, certPassword);
}
public static X509Certificate2 GetRandomCertificate(string certLocation, string certPassword)
{
string[] files = Directory.GetFiles(certLocation, "*.pfx");
if (files.Length > 0)
{
if (certPassword == null)
{
return new X509Certificate2(File.ReadAllBytes(files[_rand.Next(0, files.Length - 1)]));
}
else
{
return new X509Certificate2(File.ReadAllBytes(files[_rand.Next(0, files.Length - 1)]), certPassword);
}
}
throw new InvalidOperationException("No certificates ending in *.pfx in '" + certLocation + "'");
}
public void InstallCertificate(X509Certificate2 cert)
{
InstallCertificate(cert, StoreLocation.LocalMachine);
}
public void InstallCertificate(X509Certificate2 cert, StoreLocation storeLocation)
{
X509Store store = new X509Store(StoreName.My, storeLocation);
try
{
store.Open(OpenFlags.ReadWrite);
store.Add(cert);
}
finally
{
store.Close();
}
}
public X509Certificate2 InstallRandomCertificate(string certPassword)
{
X509Certificate2 cert = GetRandomCertificate(certPassword);
InstallCertificate(cert);
return cert;
}
public X509Certificate2 InstallRandomCertificate(string certPassword, StoreLocation storeLocation)
{
X509Certificate2 cert = GetRandomCertificate(certPassword);
InstallCertificate(cert, storeLocation);
return cert;
}
public void RemoveCert(X509Certificate2 cert, StoreLocation storeLocation)
{
RemoveCertificate(cert, storeLocation);
}
public void RemoveCert(X509Certificate2 cert)
{
RemoveCertificate(cert, StoreLocation.LocalMachine);
}
public static X509Certificate2 InstallRandomCertificate(string certLocation, string certPassword)
{
return InstallRandomCertificate(certLocation, certPassword, StoreLocation.LocalMachine);
}
public static X509Certificate2 InstallRandomCertificate(string certLocation, string certPassword, StoreLocation storeLocation)
{
CertPicker certPicker = new CertPicker(certLocation);
return certPicker.InstallRandomCertificate(certPassword, storeLocation);
}
public static void RemoveCertificate(X509Certificate2 cert)
{
RemoveCertificate(cert, StoreLocation.LocalMachine);
}
public static void RemoveCertificate(X509Certificate2 cert, StoreLocation storeLocation)
{
X509Store store = new X509Store(StoreName.My, storeLocation);
try
{
store.Open(OpenFlags.ReadWrite);
store.Remove(cert);
}
finally
{
store.Close();
}
}
}
}
Console:
Code Snippet
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using CAdCertPicker;
using System.Security.Cryptography.X509Certificates;
namespace CAdCertPickerConsole
{
class Program
{
static void Main(string[] args)
{
// Using it -- using the static CertPicker methods - there are multiple overloads too.
X509Certificate2 cert = CertPicker.InstallRandomCertificate(@"C:\Users\bdela\Desktop\HavanaStress_20", "ObjGen", StoreLocation.LocalMachine);
CertPicker.RemoveCertificate(cert, StoreLocation.LocalMachine);
// Using it -- using the static CertPicker methods - there are multiple overloads too.
CertPicker picker = new CertPicker(@"C:\Users\bdela\Desktop\HavanaStress_20");
cert = picker.InstallRandomCertificate("ObjGen", StoreLocation.CurrentUser);
picker.RemoveCert(cert, StoreLocation.CurrentUser);
}
}
}
NOTE: A quick shout out thanks to Brian Delahunty, my resident helper when code doesn’t work\stuck, who helped me with this code. Irish, you rock!
Part II: Creating your source Certificates for use with CertPicker
In my next post, I’m going to share with you how to create the correct client certificate template on a Microsoft Certificate Authority (CA) that will allow you to generate the correct certificate. After this, I will share a quick insight into how to write a quick .EXE that requests certificates from the CA automagically based on the template name.
Stay tuned…
-Chris
Comments
Anonymous
January 01, 2003
The last variable in the load testing scenario is the actual creation of your stress tests using a WebAnonymous
January 01, 2003
  At Microsoft, we have 280,000+ client machines that are managed worldwide and in our past lifeAnonymous
January 01, 2003
PingBack from http://www.netdeluxo.com/blog/blogs/some-rumblings-from-the-weeds-of-microsoft-configmgr-2007/Anonymous
January 01, 2003
The comment has been removed