NetworkingPS ITIM Performance Tuning

IdM Performance Tuning and Availability...

Introduction:

Identity Management systems such as IBM Security Identity Manager (ISIM), Oracle Identity Manager (OIM), and CA Identity Manager (formerly CA IdentityMinder) are applications built upon a programming language such as JAVA and employ a database and an LDAP repository that require in-depth knowledge of the application being used in order to be deployed in the best manner.

Normal IdM installation procedures and documentation are designed to deploy the application for the most general deployment possible and are not designed to configure the product for unique customer environments. To do that requires a thorough review of the customer environment as well as a detailed understanding of the IdM application itself, the application platform it is deployed on (such as WebSphere or Weblogic), the database used as the transaction repository (DB2, Oracle or MS SQL), the LDAP identity store (IDS or SunOne) and also the operating system (AIX, Windows, Sun, Red Hat, or HP). Virtual and/or High Availability deployments can add more complexity to the installation.

NetworkingPS offers both regular performance tuning and High Availability consulting and solutions from the experience of its IdM consulting specialists.

Services:

NetworkingPS has highly skilled advisory consultants that have specialized in the following areas of IdM performance and availability:

Analysis

Determining how and why IdM activities are not executing in a manner resulting in satisfactory customer response.
Identify bottlenecks in IdM software, middleware, database, LDAP repository, user interface (UI), agent, adapter, or the operating system that are slowing the application or preventing requests from being executed in a timely manner.
Determining if the hardware, including the CPU, memory and disk, are adequate for the customer deployment now and in the future, should your organization grow.
Have the proper software, application and operating system tuning be applied correctly to produce the best IdM deployment possible.

Execution

Examining the IdM application, the middleware, databases, LDAP, and agents and applying indexes, increasing memory, and/or changing tuning parameters for the customer environment as needed.
Load based testing and result collection to identify performance issues.

Solution

Recommending hardware and software HA technologies for load balancing, failover, failure detection, recovery and replication of an IdM deployment.
Project planning a performance or stress test including resources, timing, objectives and deliverables.
Document IdM customer test scenarios, identify performance targets, execute stress testing, identify bottlenecks, collect results and present a evaluation of the results.
Provide HW recommendations based upon years of IdM experience on AIX, Windows, Sun, Red Hat platforms.

Experience:

NetworkingPS has a level of in-house IdM Performance and Tuning expertise that is hard to match:

The author and contributing member of the IBM Identity Manager Tuning guide is a member of the NetworkingPS staff and has conducted seminars on IdM performance tuning and provided recommendations on tuning IdM.
The author of the IBM Identity Manager Sizing Guide is a member of the NetworkingPS staff.
The former performance lead for IBM IdM testing is a member of the NetworkingPS staff.

NetworkingPS also has consultants that have worked for CA and Oracle in similar positions of providing performance tuning for customers of those companies' products.

Success Stories:

Deployment of IBM IdM with a custom user interface (UI) with a 1500% increase in performance, canceling a $200,000 planned purchase of new hardware.

Situation: Production deployment of IBM IdM with guarantees that hardware and software will meet customer expectations, including a presentation to the customers IT steering committee of a HW proposal based upon performance testing of the IdM application.

Solution: Investigation of the custom UI through execution of load testing of customer test cases. As a result, the use of UI caching and indexing of key LDAP elements was implemented. Execution of load testing at the customer site was conducted to gather and verify the results.

Result: Transactions completed per hour increased from 425 to 6,372 on the new UI, a 1500% increase in performance. As a result, the planned purchase of additional hardware was cancelled. The customer realized a savings of $200,000 from not purchasing the hardware alone.

Role based provisioning of external accounts into IBM IdM increased by 1000%.

Situation: Examination showed that adequate hardware was deployed, however account provisioning was slow and low activity was seen on one of the two 8 CPU AIX servers deployed in the configuration.

Solution: High LDAP utilization with slow response was located during the execution of the provisioning operations. A DB2 configuration issue underneath the IDS LDAP server was located and corrected improving the provisioning response by 1000%.

Result: Account provisioning increased from 1,200 accounts per hour to 14,000 accounts per hour after configuration changes were made.

Conduct a 400 concurrent user stress test on 1.3 million user identities.

Situation: A hardware recommendation proposal is not accepted by the customer from the standpoint that no customer deployment or testing data exist to validate that the proposed hardware could meet customer requirements in scalability, response time and concurrency.

Solution: Setup and population of a 1.3 million user repository, cluster members, and high capacity SAN was implemented. Testing using Web stress tools to simulate hundreds of concurrent users was conducted using more servers (horizontal scaling) and more CPU’s per server (vertical scaling) while monitoring user response times.

Result: Load testing data captured was presented, which was the basis of a hardware recommendation accepted by the customer.

Conclusion:

Over time, as you add features and functionality to your Identity Management environment, you may be impacting the overall performance of your system. Through proven methodologies and procedures, NetworkingPS can increase the performance of your IdM configuration to obtain the best results possible. These results are recognized in the form of improved response time, increased user concurrency, and decreased cost from not purchasing additional hardware until absolutely necessary. Understanding and correct execution of configuration of the software, application and operating system dependencies is a task best left for experts with experience.

NetworkingPS has the experience to provide these tasks for our clients.