How it Works
IBM
Loading...
Tivoli Identity Manager
User Manual
22 pgs171.8 Kb0
Table of contents
Loading...

IBM Tivoli Identity Manager User Manual

IBM Tivoli Identity Manager Version 4.6 for z/OS Performance Tuning Guide
Issue Date:
2007 March 02 – First Edition
SC23-6536-00
Copyright Notice
Copyright IBM Corporation 2007. All rights reserved. May only be used pursuant to a Tivoli Systems Software License Agreement, an IBM Software License Agreement, or Addendum for Tivoli Products to IBM Customer or License Agreement. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual, or otherwise, without prior written permission of IBM Corporation. IBM Corporation grants you limited permission to make hardcopy or other reproductions of any machine-readable documentation for your own use, provided that each such reproduction shall carry the IBM Corporation copyright notice. No other rights under copyright are granted without prior written permission of IBM Corporation. The document is not intend ed for production and is furnished “as is” without warranty of any kind. All warranties on this document are hereby disclaimed, including the warranties of merchantability and fitness for a particular purpose.
U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corporation.
Trademarks
IBM, the IBM logo, Tivoli, the Tivoli logo, AIX, IBM DB2, IBM Tivoli Identity Manager and WebSphere Application Server are trademarks or registered trademarks of International Business Machines Corporation or Tivoli Systems Inc. in the United States, other countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other countries. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun
Microsystems, Inc. in the United States and other countries. Other company, product, and service names may be trademarks or service marks of others.
Notices
References in this publication to Tivoli Systems or IBM products, programs, or services do not imply that they will be available in all countries in which Tivoli Systems or IBM operates. Any reference to these products, programs, or services is not intended to imply that only Tivoli Systems or IBM products, programs, or services can be used. Subject to valid intellectual property or other legally protectable right of Tivoli Systems or IBM, any functionally equivalent product, program, or service can be used instead of the referenced product, program, or service. The evaluation and verification of operation in conjunction with other products, except those expressly designated by Tivoli Systems or IBM, are the responsibility of the user. Tivoli Systems or IBM may have patents or pending patent applications covering subject matter in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to the IBM Director of Licensing, IBM Corporation, North Castle Drive, Armonk, New York 10504-1785, U.S.A.
Table of contents
Table of contents......................................................................................................................................1
About this guide........................................................................................................................................2
Who should use this guide ...................................................................................................................2
1 Introduction...........................................................................................................................................3
1.1 Vital tunings.................................................................................................................................3
1.2 Initial tunings................................................................................................................................3
1.3 Resource allocation.....................................................................................................................3
1.3.1 Memory....................................................................................................................................4
1.3.2 CPU.........................................................................................................................................4
1.3.3 Disk space...............................................................................................................................4
2 IBM WebSphere Application Server.....................................................................................................5
2.1 Java virtual machine (JVM) size..................................................................................................5
2.2 Workload management (WLM) timeout.......................................................................................5
2.3 Message driven bean (MDB) request timeout.............................................................................6
2.4 Transaction timeout.....................................................................................................................6
3 IBM Tivoli Identity Manager application................................................................................................8
3.1 Recycle bin..................................................................................................................................8
3.2 Reconciliations.............................................................................................................................8
3.2.1 Threads ...................................................................................................................................8
3.2.2 Limiting attributes returned from the adapter..........................................................................9
3.2.3 Limiting the attributes evaluated..............................................................................................9
3.2.4 Maximum duration...................................................................................................................9
4 IBM Tivoli Identity Manager adapters.................................................................................................11
4.1 Microsoft Active Directory..........................................................................................................11
5 IBM DB2 .............................................................................................................................................12
5.1 APARs.......................................................................................................................................12
5.2 Buffer pools................................................................................................................................12
5.3 Idle thread timeout.....................................................................................................................12
5.4 Locks per user limit....................................................................................................................13
5.5 Active log duplexing...................................................................................................................13
5.6 Reorg and Runstats...................................................................................................................14
5.7 Additional ZPARMS...................................................................................................................15
6 IBM LDAP Server...............................................................................................................................16
6.1 APARs.......................................................................................................................................16
6.2 Cache sizes...............................................................................................................................16
6.3 Max connections........................................................................................................................16
6.4 Changelog limits........................................................................................................................17
6.5 Row locking on SEARCHTS......................................................................................................17
6.6 Indexing.....................................................................................................................................17
6.7 Runstats.....................................................................................................................................17
7 Best practices.....................................................................................................................................18
8 Regular maintenance .........................................................................................................................19
9 Other resources..................................................................................................................................20
IBM Tivoli Identity Manager Performance Tuning Guide
Page 1
About this guide
This guide identifies some ways to tune your IBM® Tivoli Identity Manager™ system to improve performance.
Who should use this guide
Use this guide if you are responsible for installing or maintaining an IBM Tivoli Identity Manager system on z/OS. The following competencies are recommended:
Familiarity with basic database and directory design principles.
General knowledge of the z/OS environment.
Understanding of how to configure and administer your directory and database server s. You may
need to have your local database administrator or directory administrator perform these tunings for you.
Page 2
IBM Tivoli Identity Manager Performance Tuning Guide

1 Introduction

The IBM Tivoli Identity Manager product addresses the complex problem of identity management. Due to the complexity of the problem, it can be challenging to optimize the use of resources by IBM Tivoli Identity Manager – that is, to tune. This tuning guide provides a system administrator with the information needed to tune the application for your environment. Other individuals (such as IBM DB2 or the LDAP Server administrators) in your organization might offer differing advice. In our experience, your system administrators know your environment better, and their advice may be more accurate for your environment than this tuning document.
The IBM Tivoli Identity Manager product can be divided into four major components: IBM WebSphere Application Server, the IBM Tivoli Identity Manager application, IBM DB2, and IBM LDAP Server. We will address each of these separately in this document.
The IBM Tivoli Identity Manager server can be installed as either a single server or as clustered servers. A clustered environment can be considered a group of single servers with regard to tuning.
This document is a working document. As more information is gathered settings may be added, removed or changed in future editions. It is recommended that you check the IBM Web site for the most recent version. To find the most recent version, go to in the search box under Search technical support, and click Search.

1.1 Vital tunings

There are several thousand different parameters that you can modify to tune WebSphere Application Server, the IBM Tivoli Identity Manager product, directory servers, and database servers. This tuning guide discusses a small subset of these parameters that have proven effective during performance testing.
http://www.ibm.com/support/us. Type “ITIM Tuning Guide”
If you are setting up an acceptance or production environment, read each section and perform the applicable tunings for your systems. If you are setting up a test environment and want to get started as quickly as possible, focus on these areas:
IBM DB2 - Buffer pools IBM DB2 - Reorg and Runstats
Note: The database statistics tunings are a vital part of the IBM Tivoli Identity Manager product performance.
IBM LDAP Server – Indexing

1.2 Initial tunings

Most of these tunings can be implemented in a newly deployed environment or an environmen t that is already deployed.
It is recommended that you execute databases. Failure to keep your database statistics up to date can cause IBM DB2 to use non-optimal paths when accessing data. See the
runstats each time you add significant numbers of users to your
IBM DB2 - Reorg and Runstats section for more information.

1.3 Resource allocation

Tuning values are more complex to manage when more than one middleware component is running on a given system; for example, having the IBM Tivoli Identity Manager server, IBM DB2, and IBM LDAP Server all on the same server. Regardless of configuration, it is important to calibrate the following resources so that they are not over-allocated.
IBM Tivoli Identity Manager Performance Tuning Guide
Page 3

1.3.1 Memory

All middleware components allow you to adjust how much memory they will use. When calculating ho w to allocate memory to middleware components, keep these considerations in mind:
Configuring middleware memory settings too high such that the total configured value exceeds available physical memory can result in the operating system swapping memory out to disk. This will result in extremely poor performance and should be avoided. After setting up or changing the memory values for the middleware, monitor the memory and swap space used to ensure that nothing is being swapped out to disk. If it is, adjust your memory settings to correct.
A large part of the WebSphere Application Server’s memory usage is the JVM size. However, the size of the JVM does not set an upper bound on the amount of memory that the WebSphere Application Server may use. See the
IBM WebSphere Application Server section.

1.3.2 CPU

All the components of the IBM Tivoli Identity Manager product (IBM Tivoli Identity Manager application, WebSphere Application Server, database server, and directory server) are CPU-intensive. Normally, batch processes such as DSML feeds are less CPU intensive than interactive commands such as changing passwords. Operations involving workflow, such as account creation, are very computationally intensive, especially when customized workflow processes are enabled. zAAP processors, if available, should be utilized in the z/OS instances supporting IBM Tivoli Identity Manager.

1.3.3 Disk space

Each of the middleware components uses different amounts of disk space for various pu rposes.
WebSphere Application Server and the IBM Tivoli Identity Manager applicatio n use disk space beyond their installation size because of log files (such as the WebSphere MQ queues. Adjust the number of archives and size of the files in the enRoleLogging.properties file. Make sure that WebSphere MQ has enough disk space for its processing logs (not error logs) to grow. The IBM Tivoli Identity Manager server pushes many entries onto the queues during large provisioning changes, causing the queues to grow.
IBM DB2 archive logs can consume a great deal of space for large transactions. For example, automatically provisioning an IBM Tivoli Identity Manager account for 50k people resulted in 13.5 GB of space being used. Only 2.7 GB was for account storage (both inside the LDAP Server and the historical logging in IBM DB2), the remainder, roughly 80%, was used by IBM DB2 archive logs. Frequent purging of IBM DB2 archive logs may be required for busy systems.
msg.log and trace.log files) and
msg.log and trace.log
Page 4
IBM Tivoli Identity Manager Performance Tuning Guide

2 IBM WebSphere Application Server

Regardless of the installation type (single server or cluster), the IBM Tivoli Identity Manager server can be thought of as two components: WebSphere Application Server (the J2EE application server running the application) and the IBM Tivoli Identity Manager application itself. Both components need to be tuned.
WebSphere Application Server allows you to use a variety of settings to tune your environment. This document discusses the timeouts and Java Messaging Service (JMS) queue endpoints.

2.1 Java virtual machine (JVM) size

By default, WebSphere Application Server sets the maximum JVM size to 256 MB. This value is too small for the IBM Tivoli Identity Manager product to run beyond a basic concept test and should be increased to a minimum of 768 MB. If your server has adequate available RAM increase this value to as much as 1.5 GB. For large reconciliations or role and policy evaluations, the default values will not be enough memory to complete these tasks.
The maximum JVM size is not the actual maximum allocated size of the Java heap – as much as 15% is allocated to a portion of the heap for the system’s use. IBM recommends that you not use a value higher than 1.5 GB even if your system has the available memory.
Do not set the JVM heap size to be larger than the physical RAM. The WebSphere Application Server suffers significant performance degradation if the operating system swaps out the JVM to swap space. Consequences of this include very slow user interface (UI) performance, transaction roll backs, timeouts, and high disk utilization.
Determining the values
initial_jvm_heap_size – The initial size of the JVM heap in megabytes. Recommended value: 256 MB.
max_jvm_heap_size – The maximum size of the JVM heap in megabytes. Recommended value: 768 MB.
Setting the values
1) Open the Administration Console.
2) Expand the Servers list in the navigation pane.
3) Select Application Servers in the navigation pane.
4) Select the server to manage.
5) Select Process Definition from the Additional Properties pane at the bottom.
6) Select Java Virtual Machine from the Additional Properties pane at the bottom.
7) Set the Initial Heap Size to initial_jvm_heap_size.
8) Set the Maximum Heap Size to max_jvm_heap_size.
9) Repeat this procedure for each IBM Tivoli Identity Manager server.
Stop and restart each Application Server for these changes to take effect.

2.2 Workload management (WLM) timeout

The WebSphere Application Server on z/OS provides a timeout value for how long it should wait for IIOP requests to complete. WebSphere Application Server uses the workload management (WLM) timeout value to terminate hung threads thereby preventing the hung thread from holding onto resources needed
IBM Tivoli Identity Manager Performance Tuning Guide
Page 5
Loading...
+ 15 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use