Scheduling HyperSync Panel

HyperSync operations depend on schedules configured through the Identity Panel scheduler. The three phases of operations are:

1. Data scans
2. Synchronization
3. Workflow actions

Of the three, workflow actions always process automatically as they are triggered. Data scans and synchronization must be explicitly scheduled.

Data Scanning Schedules

For data collection, HyperSync Panel relies on the existing data collection processes of Identity Panel. Each provider defines its own data scan types with suggested frequencies.

Typically data scans may operate in parallel with any other operations, with the caveats that only one scan may run on a given provider at once, and a single panel service may become overloaded if too many (e.g. more than 3-4) data scans are executing in parallel. Limits can be increased by installing additional panel services.

Some providers, e.g. Workday only support full scans (analogous to full imports in MIM). This is not typically a performance barrier for operations, as scans on providers are fully independent (and non-blocking) from each other, and from synchronization.

Other providers, e.g. Active Directory or Azure AD support both full scans and delta scans. It may be appropriate to schedule scans at a much higher frequency when using HyperSync than would be the case when just using Identity Panel for reporting.

One common pattern is to group delta scans and full scans into separate schedules with an appropriate frequency for each.

Here is a sample full scan schedule, set to start at midnight and run every two hours.

Here is a sample delta scan schedule, set to start 10 minutes after midnight and run every 5 minutes, with steps executing simultaneously.

NOTE: even though delta scans may not execute until that provider's full scan completes, there is no problem with having overlapping dispatch times, as the Identity Panel scheduler will wait until it is safe to dispatch the next step(s).

Synchronization Schedules

HyperSync processes using Delta Sync and Full Sync steps. Because HyperSync executes on the web server and only one sync may execute at once, some scheduler step options are suppressed, including panel service selection, condition rule, skip rule, and async options.

Because both Access Panel and HyperSync Panel execute on the web server using similar data, it is possible to run both HyperSync Panel and Access Panel processing as a single step. Running both together is slower than running them individually, but much faster than running one then the other.

Multi-Step Syncs

Sometimes HyperSync Panel configuration will require multiple syncs to achieve an entire flow process. For example an organization may have the following sequence of delta syncs:

1. Project the user from HR into the Hyperverse
2. Calculate job details and flags
3. Generate unique account names
4. Provision accounts to AD and/or Azure
5. Back-flow new account details back into the Hyperverse.

There are two ways to handle multi-step scenarios:

The first option is to simply run schedules at a higher frequency and assume it will take multiple schedule iterations to fully process the account. The second option is to create a schedule with multiple sync steps that repeat consecutively. A related strategy on a full sync schedule is to follow the full sync with several delta sync steps.

Access Panel and HyperSync Panel

When Access Panel is not configured in the environment the Access Panel checkbox should be omitted (and vice-versa for HyperSync Panel).

When both are configured, the recommended procedure is:

1. Select both HyperSync Panel and Access Panel for at least one delta sync on delta cycle (e.g. if there are three delta syncs in a schedule, only one of them will have Access Panel selected). If there is only one sync in the delta cycle then it should have by HyperSync Panel and Access Panel selected. A suitable frequency for delta synchronization (depending on business requirements) is a range from every 5 minutes, to once per hour.
2. Select HyperSync Panel on every full sync, and Access Panel on 1/3 to 1/6 of the full syncs. A suitable frequency for HyperSync Panel full sync is a range from once every 30 minutes, to once every 3 hours. Because Access Panel processing is a slower, higher load operation, a suitable frequency for Access Panel processing is once every 2 hours to once very 6 hours.