ITIM Performance Tuning and Availability...


IBM Tivoli Identity Manager (ITIM) is an application built upon JAVA using a database and LDAP repository that requires in-depth knowledge of the applications being used in order to be deployed in the best manner. 


Normal IBM installation and documentation is designed to deploy the ITIM application for the most general deployment possible and is not designed to configure the product for unique customer environments.  To take into account such unique requirements and their impact upon optimal performance during an ITIM installation, IBM has produced the IBM Tivoli Identity Manager Tuning Guide 4.6.  This document does an excellent job explaining how to configure ITIM, the JAVA application middleware, databases, LDAP repositories and operating systems for TIM performance.  This document requires a detailed understanding of the ITIM application, the JAVA application platform it is deployed on (WebSphere or Weblogic), the database used as the transaction repository (DB2, Oracle or MS SQL), the LDAP identity store (IDS or SunOne) and also the operating system (AIX, Windows, Sun, Red Hat, or HP). 


ITIM documentation including the tuning guide, still does not cover the requirements of deploying a Highly Available (HA) environment for ITIM and the configuration of the TIM application, database, and LDAP user repository. 


NetworkingPS offers both regular performance tuning and High Availability consulting and solutions from the experience of its ITIM consulting specialists.


NetworkingPS has highly skilled advisory consultants that have specialized in the following areas of ITIM performance and availability:


  • Determining how and why ITIM activities are not executing in a manner resulting in satisfactory customer response.

  • Identify bottlenecks in ITIM software, middleware, database, LDAP repository, user interface (UI), agent, adapter, or the operating system that are slowing ITIM or preventing requests from being executed in a timely manner.

  • Determining if the hardware, including the CPU, memory and disk, are adequate for the customer deployment now and in the future, should your organization grow.

  • Have the proper software, application and operating system tuning be applied correctly to produce the best ITIM deployment possible.


  • Examining the TIM application, the middleware, databases, LDAP, and agents  and applying indexes, increasing memory, and/or changing tuning parameters for the customer environment as needed.

  • Load based testing and result collection to identify performance issues.


  • Recommending hardware and software HA technologies for load balancing, failover, failure detection, recovery and replication of an ITIM deployment.

  • Project planning a performance or stress test including resources, timing, objectives and deliverables.

  • Document ITIM customer test scenarios, identify performance targets, execute stress testing, identify bottlenecks, collect results and present a evaluation of the results.

  • Provide HW recommendations based upon years of ITIM experience on AIX, Windows, Sun, Red Hat platforms.


NetworkingPS has a level of in-house ITIM Performance and Tuning expertise that is hard to match:

  • The author and contributing member of the IBM Tivoli Identity Manager Tuning guide is a current member of the NetworkingPS staff and has conducted seminars on ITIM performance tuning and provided recommendations on tuning ITIM for versions 4.4 through 4.6.

  • The author of the IBM Tivoli Identity Manager Sizing Guide version 4.4-4.5.1 is a current member of the NetworkingPS staff.

  • The former performance lead for IBM ITIM testing is a current member of the NetworkingPS staff.

Success Stories:


Deployment of ITIM with a custom user interface (UI) with a 1500% increase in performance, canceling a $200,000 planned purchase of new hardware.

Situation:  Production deployment of ITIM with guarantees that hardware and software will meet customer expectations, including a presentation to the customers IT steering committee of a HW proposal based upon performance testing of the ITIM application.

Solution:  Investigation of the custom UI through execution of load testing of customer test cases.  As a result, the use of UI caching and indexing of key LDAP elements was implemented.  Execution of load testing at the customer site was conducted to gather and verify the results.

Result:  Transactions completed per hour increased from 425 to 6,372 on the new UI, a 1500% increase in performance.  As a result, the planned purchase of additional hardware was cancelled.  The customer realized a savings of $200,000 from not purchasing the hardware alone.


Role based provisioning of external accounts into ITIM increased by 1000%. 

Situation: Examination showed that adequate hardware was deployed, however account provisioning was slow and low activity was seen on one of the two 8 CPU AIX servers deployed in the configuration.

Solution:  High LDAP utilization with slow response was located during the execution of the provisioning operations.  A DB2 configuration issue underneath the IDS LDAP server was located and corrected improving the provisioning response by 1000%.

Result:  Account provisioning increased from 1,200 accounts per hour to 14,000 accounts per hour after configuration changes were made.


Conduct a 400 concurrent user stress test on 1.3 million ITIM user identities.

Situation:  A hardware recommendation proposed is not accepted by the customer from the standpoint that no customer deployment or testing data exist to validate that the proposed ITIM hardware can meet customer requirements in scalability, response time and concurrency.

Solution:  Setup and population of a 1.3 million user repository, ITIM cluster members and high capacity SAN was implemented.  Testing using Web stress tools to simulate hundreds of concurrent users was conducted using more servers (horizontal scaling) and more CPU’s per server (vertical scaling) while monitoring user response times.

Result:  Load testing data captured was presented, which was the basis of a hardware recommendation accepted by the customer.


Over time, as you add features and functionality to your Identity Management environment, you may be impacting the overall performance of your system. Through proven methodologies and procedures, NetworkingPS can increase the performance of your ITIM configuration to obtain the best results possible. These results are recognized in the form of improved response time, increased user concurrency, and decreased cost from not purchasing additional hardware until absolutely necessary.  Understanding and correct execution of configuration of the software, application and operating system dependencies is a task best left for experts with experience. 

NetworkingPS has the experience to provide these tasks for our clients.