ITIM Performance Tuning and Availability...
Introduction:
IBM Tivoli Identity Manager (ITIM) is an application built upon JAVA using a
database and LDAP repository that requires in-depth knowledge of the
applications being used in order to be deployed in the best manner.
Normal IBM installation and
documentation is designed to deploy the ITIM application for the most general
deployment possible and is not designed to configure the product for unique
customer environments. To take into account such unique requirements and
their impact upon optimal performance during an ITIM installation, IBM has produced the
IBM Tivoli Identity Manager Tuning Guide 4.6. This document does an
excellent job explaining how to configure ITIM, the JAVA application middleware,
databases, LDAP repositories and operating systems for TIM performance. This
document requires a detailed understanding of the ITIM application, the JAVA
application platform it is deployed on (WebSphere or Weblogic), the database
used as the transaction repository (DB2, Oracle or MS SQL), the LDAP identity
store (IDS or SunOne) and also the operating system (AIX, Windows, Sun, Red Hat,
or HP).
ITIM documentation including the tuning guide, still does not cover the
requirements of deploying a Highly Available (HA) environment for ITIM and the
configuration of the TIM application, database, and LDAP user repository.
NetworkingPS offers both regular performance tuning and High Availability
consulting and solutions from the experience of its ITIM consulting specialists.
Services:
NetworkingPS
has highly skilled advisory consultants that have specialized in the following
areas of ITIM performance and availability:
Analysis
-
Determining how and why ITIM activities are not executing
in a manner resulting in satisfactory customer response.
-
Identify bottlenecks in ITIM software, middleware,
database, LDAP repository, user interface (UI), agent, adapter, or the
operating system that are slowing ITIM or preventing requests from being
executed in a timely manner.
-
Determining if the hardware, including the CPU, memory
and disk, are adequate for the customer deployment now and in the future,
should your organization grow.
-
Have the proper software, application and operating
system tuning be applied correctly to produce the best ITIM deployment
possible.
Execution
-
Examining the TIM application, the middleware, databases,
LDAP, and agents and applying indexes, increasing memory, and/or changing
tuning parameters for the customer environment as needed.
-
Load based testing and result collection to identify
performance issues.
Solution
-
Recommending hardware and software HA technologies for
load balancing, failover, failure detection, recovery and replication of an
ITIM deployment.
-
Project planning a performance or stress test including
resources, timing, objectives and deliverables.
-
Document ITIM customer test scenarios, identify
performance targets, execute stress testing, identify bottlenecks, collect
results and present a evaluation of the results.
-
Provide HW recommendations based upon years of ITIM
experience on AIX, Windows, Sun, Red Hat platforms.
Experience:
NetworkingPS has
a level of in-house ITIM Performance and Tuning expertise that is hard to match:
-
The author and contributing member of the IBM Tivoli
Identity Manager Tuning guide is a current member of the NetworkingPS
staff and has conducted seminars on ITIM performance tuning and provided
recommendations on tuning ITIM for versions 4.4 through 4.6.
-
The author of the IBM Tivoli Identity Manager Sizing
Guide version 4.4-4.5.1 is a current member of the NetworkingPS
staff.
-
The former performance lead for IBM ITIM testing is a current
member of the NetworkingPS staff.
Success Stories:
Deployment of ITIM with a custom user interface (UI) with a 1500% increase
in performance, canceling a $200,000 planned purchase of new hardware.
Situation: Production deployment of ITIM
with guarantees that hardware and software will meet customer expectations,
including a presentation to the customers IT steering committee of a HW proposal
based upon performance testing of the ITIM application.
Solution: Investigation of the custom UI
through execution of load testing of customer test cases. As a result, the use
of UI caching and indexing of key LDAP elements was implemented. Execution of
load testing at the customer site was conducted to gather and verify the
results.
Result: Transactions completed per hour
increased from 425 to 6,372 on the new UI, a 1500% increase in performance. As
a result, the planned purchase of additional hardware was cancelled. The
customer realized a savings of $200,000 from not purchasing the hardware alone.
Role based provisioning of external accounts into ITIM increased by 1000%.
Situation: Examination showed that adequate
hardware was deployed, however account provisioning was slow and low activity
was seen on one of the two 8 CPU AIX servers deployed in the configuration.
Solution: High LDAP utilization with slow
response was located during the execution of the provisioning operations. A DB2
configuration issue underneath the IDS LDAP server was located and corrected
improving the provisioning response by 1000%.
Result: Account provisioning increased from
1,200 accounts per hour to 14,000 accounts per hour after configuration changes
were made.
Conduct a 400 concurrent user stress test on 1.3 million ITIM user
identities.
Situation: A hardware recommendation
proposed is not accepted by the customer from the standpoint that no customer
deployment or testing data exist to validate that the proposed ITIM hardware can
meet customer requirements in scalability, response time and concurrency.
Solution: Setup and population of a 1.3
million user repository, ITIM cluster members and high capacity SAN was
implemented. Testing using Web stress tools to simulate hundreds of concurrent
users was conducted using more servers (horizontal scaling) and more CPU’s per
server (vertical scaling) while monitoring user response times.
Result: Load testing data captured was
presented, which was the basis of a hardware recommendation accepted by the
customer.
Conclusion:
Over time, as you add
features and functionality to your Identity Management environment, you may be
impacting the overall performance of your system. Through proven methodologies
and procedures, NetworkingPS can increase the performance of your ITIM
configuration to obtain the best results possible. These results are recognized
in the form of improved response time, increased user concurrency, and
decreased cost from not purchasing additional hardware until absolutely
necessary. Understanding and correct
execution of configuration of the software, application and operating system
dependencies is a task best left for experts with experience.
NetworkingPS
has the experience to provide these tasks for our clients.
|
