IdM Performance Tuning and Availability...
Identity Management systems such as IBM Security Identity Manager (ISIM), Oracle Identity Manager (OIM), and CA Identity Manager (formerly CA IdentityMinder) are applications built upon a programming language such as JAVA and employ a
database and an LDAP repository that require in-depth knowledge of the
application being used in order to be deployed in the best manner.
Normal IdM installation procedures and
documentation are designed to deploy the application for the most general
deployment possible and are not designed to configure the product for unique
customer environments. To do that requires a thorough review of the customer environment as well as a detailed understanding of the IdM application itself, the
application platform it is deployed on (such as WebSphere or Weblogic), the database
used as the transaction repository (DB2, Oracle or MS SQL), the LDAP identity
store (IDS or SunOne) and also the operating system (AIX, Windows, Sun, Red Hat,
Virtual and/or High Availability deployments can add more complexity to the installation.
NetworkingPS offers both regular performance tuning and High Availability
consulting and solutions from the experience of its IdM consulting specialists.
has highly skilled advisory consultants that have specialized in the following
areas of IdM performance and availability:
Determining how and why IdM activities are not executing
in a manner resulting in satisfactory customer response.
Identify bottlenecks in IdM software, middleware,
database, LDAP repository, user interface (UI), agent, adapter, or the
operating system that are slowing the application or preventing requests from being
executed in a timely manner.
Determining if the hardware, including the CPU, memory
and disk, are adequate for the customer deployment now and in the future,
should your organization grow.
Have the proper software, application and operating
system tuning be applied correctly to produce the best IdM deployment
Examining the IdM application, the middleware, databases,
LDAP, and agents and applying indexes, increasing memory, and/or changing
tuning parameters for the customer environment as needed.
Load based testing and result collection to identify
Recommending hardware and software HA technologies for
load balancing, failover, failure detection, recovery and replication of an
Project planning a performance or stress test including
resources, timing, objectives and deliverables.
Document IdM customer test scenarios, identify
performance targets, execute stress testing, identify bottlenecks, collect
results and present a evaluation of the results.
Provide HW recommendations based upon years of IdM
experience on AIX, Windows, Sun, Red Hat platforms.
a level of in-house IdM Performance and Tuning expertise that is hard to match:
The author and contributing member of the IBM
Identity Manager Tuning guide is a member of the NetworkingPS
staff and has conducted seminars on IdM performance tuning and provided
recommendations on tuning IdM.
The author of the IBM Identity Manager Sizing
Guide is a member of the NetworkingPS
- The former performance lead for IBM IdM testing is a
member of the NetworkingPS staff.
Deployment of IBM IdM with a custom user interface (UI) with a 1500% increase
in performance, canceling a $200,000 planned purchase of new hardware.
Situation: Production deployment of IBM IdM
with guarantees that hardware and software will meet customer expectations,
including a presentation to the customers IT steering committee of a HW proposal
based upon performance testing of the IdM application.
Solution: Investigation of the custom UI
through execution of load testing of customer test cases. As a result, the use
of UI caching and indexing of key LDAP elements was implemented. Execution of
load testing at the customer site was conducted to gather and verify the
Result: Transactions completed per hour
increased from 425 to 6,372 on the new UI, a 1500% increase in performance. As
a result, the planned purchase of additional hardware was cancelled. The
customer realized a savings of $200,000 from not purchasing the hardware alone.
Role based provisioning of external accounts into IBM IdM increased by 1000%.
Situation: Examination showed that adequate
hardware was deployed, however account provisioning was slow and low activity
was seen on one of the two 8 CPU AIX servers deployed in the configuration.
Solution: High LDAP utilization with slow
response was located during the execution of the provisioning operations. A DB2
configuration issue underneath the IDS LDAP server was located and corrected
improving the provisioning response by 1000%.
Result: Account provisioning increased from
1,200 accounts per hour to 14,000 accounts per hour after configuration changes
Conduct a 400 concurrent user stress test on 1.3 million user
Situation: A hardware recommendation
proposal is not accepted by the customer from the standpoint that no customer
deployment or testing data exist to validate that the proposed hardware could
meet customer requirements in scalability, response time and concurrency.
Solution: Setup and population of a 1.3
million user repository, cluster members, and high capacity SAN was
implemented. Testing using Web stress tools to simulate hundreds of concurrent
users was conducted using more servers (horizontal scaling) and more CPU’s per
server (vertical scaling) while monitoring user response times.
Result: Load testing data captured was
presented, which was the basis of a hardware recommendation accepted by the
Over time, as you add
features and functionality to your Identity Management environment, you may be
impacting the overall performance of your system. Through proven methodologies
and procedures, NetworkingPS can increase the performance of your IdM
configuration to obtain the best results possible. These results are recognized
in the form of improved response time, increased user concurrency, and
decreased cost from not purchasing additional hardware until absolutely
necessary. Understanding and correct
execution of configuration of the software, application and operating system
dependencies is a task best left for experts with experience.
has the experience to provide these tasks for our clients.