Oracle® Identity Manager Best Practices Guide Release 9.1.0 Part Number E10361-02 |
|
|
View PDF |
This chapter describes how to upgrade application servers for Oracle Identity Manager release 9.1.0 to improve performance. This chapter contains the following sections:
Note:
All tuning parameter suggestions and values in this section are for reference purposes only. Values should be modified based on your needs, application usage patterns, loads, and hardware specifications.The following recommendations are specific to Oracle Identity Manager deployed on BEA WebLogic Server version 8.1:
Note:
Changing any of the settings may require you to restart the server.You must modify the JVM memory settings for a non clustered as well as a clustered environment.
To increase the JVM memory settings and specify the Java option for a non clustered environment:
Use the WebLogic Server Administration Console to shut down the application server gracefully.
Navigate to BEA_HOME\user_projects\domains\DOMAIN_NAME.
For example, C:\bea\user_projects\domains\mydomain.
In a text editor, open the following WebLogic start script file.
For Microsoft Windows:
startWebLogic.cmd
For UNIX:
startWebLogic.sh
Edit the script to specify memory options as follows:
For Microsoft Windows:
Locate the line that starts with the following:
%JAVA_HOME%\bin\java %JAVA_VM% %MEM_ARGS% %JAVA_OPTIONS%
Add either of the following lines just before it:
If Sun JVM is used, then add:
set MEM_ARGS=-Xms1280m -Xmx1280m -XX:PermSize=128m -XX:MaxPermSize=256m
If BEA JRockit JVM is used, then add:
set MEM_ARGS=-Xms1280m -Xmx1280m
For UNIX:
Locate the line that starts with the following:
$JAVA_HOME/bin/java ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS}
Add either of the following lines just before it:
If Sun JVM is used, then add:
MEM_ARGS="-Xms1280m -Xmx1280m -XX:PermSize=128m -XX:MaxPermSize=256m" export MEM_ARGS
If BEA JRockit JVM is used, then add:
MEM_ARGS="-Xms1280m -Xmx1280m" export MEM_ARGS
If BEA JRockit JVM is being used, add the -XnoOpt option to the existing JAVA_OPTIONS. This option turns off adaptive optimization and is required for stable Oracle Identity Manager operations.
For Microsoft Windows:
Locate the line that starts with the following:
%JAVA_HOME%\bin\java %JAVA_VM% %MEM_ARGS% %JAVA_OPTIONS%
Add the following line just before it:
set JAVA_OPTIONS=%JAVA_OPTIONS% -XnoOpt
For UNIX:
Locate the line that starts with the following:
$JAVA_HOME/bin/java ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS}
Add the following line just before it:
JAVA_OPTIONS="$JAVA_OPTIONS -XnoOpt" export JAVA_OPTIONS
Save and close the file.
To increase the JVM memory settings and specify the Java option for a clustered environment:
Note:
If you are using the xlStartManagedServer script to start or stop the WebLogic managed servers, then specify the memory settings in the server startup scripts as specified in the previous section.If you are using the WebLogic Server Administration Console (Remote Start Tab) to start or stop the servers, then perform the steps in the following procedure:
Open the WebLogic Server Administration Console.
Click the server name, for example xlManagedServer_1, under domain name/Servers.
Click the Remote Start tab, and then:
In the Java Home field, enter the path of the Sun SDK or JRockit SDK directory. For example, C:\bea\jdk142_15.
Set the BEA_HOME field. For example, if BEA WebLogic Server is installed on the C drive, you set the BEA_HOME field to C:\bea.
Increase the memory by appending the following to the Arguments field:
For Sun SDK:
-Xms1280m -Xmx1280m -XX:PermSize=128m -XX:MaxPermSize=256m
For JRockit SDK:
-Xms1280m -Xmx1280m -XnoOpt
Note:
Ensure that you perform this step on all Managed Servers.Click Apply to save the setting on the Remote Start tab.
The xlConnectionPool is used by the WebLogic JMS for JMS operations. XlXAConnectionPool is used by Oracle Identity Manager for all other purposes. To increase the capacity of the JDBC connection pool
Open the WebLogic Server Administration Console.
Click Servers, JDBC, and then Connection Pools.
For xlConnectionPool:
Click xlConnection Pool, select the Connections tab and set the following:
Initial Capacity = 30
Maximum Capacity = 50
For xlXAConnectionPool:
Click xlXAConnection Pool, select the Connections tab and set the following
Initial Capacity = 30
Maximum Capacity = 50
Click Apply and then click Save.
Oracle Identity Manager uses Message Driven Beans (MDBs) for processing all offline activities, such as reconciliation, auditing, requests, and attestation. The default number of MDBs may not be enough for a heavy load. Bea WebLogic Server uses Execute Queues, which are shared between all types of MDBs.
You can increase the number of MDBs by using one of the following methods:
Number of MDB threads = (Thread Count)/2 +1
By default, the thread count is 25 for a production mode WebLogic installation. As a result, there will be a maximum of 13 threads available for the MDBs, which will be shared between all types of MDBs. To increase the thread count:
Log in to the WebLogic Administration Console.
Right-click View Execute Queues on the server on which Oracle Identity Manager is deployed.
Click weblogic.kernel.Default and set an appropriate value for Thread Count.
Note:
Ensure that the CPU capacity supports the increase in threads.When you increase the number of MDBs, the JDBC connection pool may also need to be increased accordingly.
You can create separate queues for each MDB depending on the application usage. For example, for big reconciliation work flows, create a separate queue for reconciliation and a separate queue for Audit, and assign to their respective MDBs by using the dispatch-policy element. For example:
From the WebLogic Admin Console, create an execute queue, for example, OIMReconQueue. See BEA WebLogic documentation for more information about how to create an execute queue.
Modify OIM_HOME\DDTemplates\BO\weblogic-ejb-jar.xml with the dispatch-policy element. To do so:
Locate the following xml segment in the weblogic-ejb-jar.xml file:
weblogic-enterprise-bean <ejb-name>ReconMessageHandlerMDB</ejb-name> <message-driven-descriptor> … </message-driven-descriptor>
Add the following line after </message-driven-descriptor>
:
<dispatch-policy>OIMReconQueue</dispatch-policy>
After changing the values, change the directory to OIM_HOME/setup and run the following script:
For Microsoft Windows:
patch_weblogic.cmd weblogic_admin_password oim_schema_password
For UNIX:
patch_weblogic.sh weblogic_admin_password oim_schema_password
After the patch completes, restart the application server.
Note:
Refer to the BEA WebLogic documentation for more information. Also ensure that the CPU capacity supports the increase in threads.WebLogic limits the number of open file descriptors in the <WL_HOME>/common/bin/commEnv.sh script to 1024. In some cases, if there is a huge number of concurrent users, WebLogic may throw the "TOO MANY OPEN FILES" exception. If you face this error, then increase the limit beyond 1024. Ensure that the operating system is able to handle the increase in the number of open files.
The following recommendations are specific to Oracle Identity Manager deployed on IBM WebSphere Application Server version 6.1:
Note:
Changing any of the settings may require you to restart the server.To increase the JVM memory settings for a non clustered environment:
Log in to the WebSphere Administrative Console by using the following URL:
http://WEBSPHERE_HOSTNAME:WEBSPHERE_ADMIN_PORT /admin
Select Servers, and then select Application Servers.
Select the server name.
Go to Server Infrastructure, and then click Java and Process Management.
Select Process Definition.
Go to Additional Properties, and then click Java Virtual Machine and enter the following values:
Minimum Heap Size = 1280
Maximum Heap Size = 1280
Generic JVM Arguments = -Xjit:disableLocalVP,disableGlobalVP
Click OK.
Click Save to commit the setting.
Note:
For a clustered environment, the changes in the aforementioned procedure must be done on each server in the cluster.The xlConnectionPool is used by the WebLogic JMS for JMS operations. XlXAConnectionPool is used by Oracle Identity Manager for all other purposes. To increase the capacity of the JDBC connection pool
Log in to the WebSphere Administrative Console.
Select Resources, JDBC, Data Sources, and then select Non XA DataSource. Select Connection pool properties under Additional properties. Enter the following values.
Minimum connections = 10
Maximum connections = 50
Click OK and then click Save.
Select Resources, JDBC, Data Sources, and then select XA DataSource. Select Connection pool properties under Additional properties. Enter the following values.
Minimum connections = 30
Maximum connections = 50
Click OK and then click Save.
Oracle Identity Manager uses MDBs for processing all offline activities, such as reconciliation, auditing, requests, and attestation. The default number of MDBs may not be enough for a heavy load.
Note:
Depending on the JMS being used in the installation, choose the specific instructions accordingly.To increase the number of MDBs for default JMS messaging:
Click Resources, Resource Adapters, and J2C activation specifications.
For each queue specification:
Click J2C activation specification custom properties from Additional Properties.
On Page 1, select the maxConcurrency link and set Value to 20
.
Click OK and then click Save.
Click on the arrow to go to Page 2.
On Page 2, select the maxConcurrency link and set Value to 20
.
Click OK and then click Save.
Note:
When you increase the number of MDBs, the JDBC connection pool may also need to be increased accordingly.To increase the number of MDBs for nondefault JMS messaging, increase the value of Maximum Sessions for the corresponding listener port. For example, if you are using the MDBs for reconciliation, select the listener port that you use for reconciliation and increase the value of Maximum Sessions.
To increase the server thread pool:
Log in to the WebSphere Administrative Console.
Click Application Servers, click the server on which Oracle Identity Manager is deployed, and then click Thread Pools.
Click Default and set the values of Minimum Size and Maximum Size. For example, enter 20
for Minimum Size and 75
for Maximum Size.
Click Save.
Note:
For a clustered environment, the changes in the aforementioned procedure must be done on each server in the cluster.Also ensure that the CPU capacity supports the increase in threads.
The following recommendations are specific to Oracle Identity Manager deployed on JBoss Application Server version 4.0.3 SP1:
Note:
Changing any of the settings may require you to restart the server.Depending on the operating system of your environment, perform the following:
For Microsoft Windows:
Open the JBOSS_HOME\bin\run.bat file in a text editor.
Locate the following line:
set JAVA_OPTS=%JAVA_OPTS% -Xms128m -Xmx512m
Change the memory settings to the following recommended values:
set JAVA_OPTS=%JAVA_OPTS% -Xms1280m -Xmx1280m -XX:PermSize=128m -XX:MaxPermSize=256m
Save and close the run.bat file.
For UNIX:
Open the JBOSS_HOME/bin/run.conf file in a text editor.
Locate the following line:
JAVA_OPTS="-server -Xms128m -Xmx128m"
Change the memory settings to the following recommended values:
JAVA_OPTS="-server -Xms1280m -Xmx1280m -XX:PermSize=128m -XX:MaxPermSize=256m"
Save and close the run.conf file.
Note:
For a clustered environment, repeat the steps on each node of the cluster.To modify the JDBC connection pools, open the JBOSS_HOME/server/default/deploy/xell-ds.xml file and make the following changes:
Note:
For a clustered installation of Oracle Identity Manager on JBoss Application Server, the xell-ds.xml file can be located at JBOSS._HOME/server/all/farmFor the jdbc/xlDS pool, insert the following before the line </local-tx-datasource>:
<min-pool-size>10</min-pool-size> <max-pool-size>50</max-pool-size> <blocking-timeout-millis>15000</blocking-timeout-millis> <idle-timeout-minutes>15</idle-timeout-minutes>
For the jdbc/xlXADS pool, insert the following before the line </xa-datasource>:
<min-pool-size>30</min-pool-size> <max-pool-size>50</max-pool-size> <blocking-timeout-millis>15000</blocking-timeout-millis> <idle-timeout-minutes>15</idle-timeout-minutes
To increase the number of threads:
Open JBOSS_HOME/server/default/conf/jboss-service.xml.
Note:
For a clustered installation of Oracle Identity Manager on JBoss Application Server, the jboss-service.xml file can be located at JBOSS._HOME/server/all/confSet the maximum pool size as follows and save the file:
<mbean code="org.jboss.util.threadpool.BasicThreadPool" name="jboss.system:service=ThreadPool"> ... <attribute name="MaximumPoolSize">50</attribute> ... </mbean>
Note:
When you increase the number of threads, the JDBC connection pool may also need to be increased accordingly.Also ensure that the CPU capacity supports the increase in threads.
To increase the JMS pool size:
Open the JBOSS_HOME/server/default/deploy/jms/jms-ds.xml file in a text editor.
Note:
For a clustered installation of Oracle Identity Manager on JBoss Application Server, open the JBOSS_HOME/server/all/deploy/jms/hajndi-jms-ds.xml file in a text editor.Set the maximum pool size as follows and save the file:
<tx-connection-factory>...<max-pool-size>20</max-pool-size>...</tx-connection-factory>
Note:
When you increase the JMS pool size, the JDBC connection pool may also need to be increased accordingly.To increase the size of MDBs:
Open the JBOSS_HOME/server/default/conf/standardjboss.xml file in a text editor.
Note:
For a clustered installation of Oracle Identity Manager on JBoss Application Server, open the JBOSS_HOME/server/all/conf/standardjboss.xml file in a text editor.Locate the following xml fragment:
<invoker-proxy-binding> <name> message-driven-bean<name> ... <MinimumSize>4</MinimumSize> <MaximumSize>20</MaximumSize> ...
Add the following to this fragment:
<DLQConfig> ... <MaxTimesRedelivered>5</MaxTimesRedelivered> ... </invoker-proxy-binding>
When you add the aforementioned attribute, the JMS messages are redelivered as many times as defined by this attribute in case of failure.
Note:
When you make these changes, the JDBC connection pool may also need to be increased accordingly.To disable deployment scanning:
Open the JBOSS_HOME/server/default/conf/jboss-service.xml file in a text editor.
Note:
For a clustered installation of Oracle Identity Manager on JBoss Application Server, open the JBOSS_HOME/server/all/conf/jboss-service.xml file in a text editor.Locate and edit the xml fragment as follows:
<!-- An mbean for hot deployment/undeployment of archives. --> <mbean code="org.jboss.deployment.scanner.URLDeploymentScanner" name="jboss.deployment:type=DeploymentScanner,flavor=URL"> ... <attribute name="ScanPeriod">5000</attribute> <attribute name="ScanEnabled">False</attribute> ... </mbean>
The following recommendations are specific to Oracle Identity Manager deployed on Oracle Application Server version 10.1.3.x:
Note:
Changing any of the settings may require you to restart the server.To upgrade Oracle Application Server and apply the patches for Oracle Application Server, see Metalink note 553266.1.
To increase the Oracle Application Server heap size:
Open the ORACLE_HOME/opmn/conf/opmn.xml file in a text editor.
Locate the following memory setting:
-XX:MaxPermSize=128M -ms512M -mx1024M
Change the memory setting to:
-ms1280m -mx1280m -XX:PermSize=128m -XX:MaxPermSize=256m
Save and close the ORACLE_HOME/opmn/conf/opmn.xml file.
Note:
For a clustered installation, repeat the steps on all the Oracle Application Server instances where Oracle Identity Manager is deployed.Do not change any parameter of the connection pool by using Oracle Application Server control. This may cause a user to be locked on the database side. It is recommended to make connection pool changes in the configuration file as follows:
Stop the Oracle Application Server instance where Oracle Identity Manager is deployed.
Open the ORACLE_HOME/j2ee/INSTANCE_NAME/config/data-sources.xml file and implement the following changes:
For xlConnectionPool the minimum and maximum connection pool values should be set as follows:
min-connections="10"
max-connections="50"
For xlXAConnectionPool, the minimum and maximum connection pool values should be set as follows:
min-connections="30"
max-connections="100"
Note:
For a clustered installation, repeat the steps on all the Oracle Application Server instances where Oracle Identity Manager is deployed.Oracle Identity Manager uses MDBs for processing all offline activities, such as reconciliation, auditing, requests, and attestation. The default number of MDBs may not be enough for a heavy load. To increase the number of MDBs, perform the following:
Change the number of MDBs as follows:
For File-based JMS Persistence (Default OIM Installation):
Open OIM_HOME/DDTemplates/BO/orion-ejb-jar.xml. and .
Change value of listener-threads for all the MDBs to 20. This represents the numbers of MDBs for each queue.
For database/AQ based JMS Persistence:
Open OIM_HOME/DDTemplates/BO/orion-ejb-jar.xml. and .
Change value of Receiver-Threads for all the MDBs to 20. This represents the numbers of MDBs for each queue.
After changing the values, change the directory to OIM_HOME/setup and run the following script:
For Microsoft Windows:
patch_oc4j.cmd oc4j_admin_password oim_schema_password
For UNIX:
patch_oc4j.sh oc4j_admin_password oim_schema_password
After the patch completes, restart the application server. This will rebuild the application with the latest modified values for MDBs.
Note:
For a clustered installation, repeat the steps on all the Oracle Application Server instances where Oracle Identity Manager is deployed.When you increase the number of MDBs, the JDBC connection pool may also need to be increased accordingly