> Administration and Deployment Guide > Performance Statistics

Administration and Deployment Guide

     Previous  Next    Open TOC in new window  Open Index in new window  View as PDF - New Window  Get Adobe Reader - New Window
Content starts here

Performance Statistics

This section describes the ALES performance statistics feature, which enables collection of data about authentication and authorization for purposes of troubleshooting and performance analysis. It covers the following topics:

 

Enabling Performance Statistics Collection

The ALES performance statistic feature is controlled by an Auditing security provider, the PerfDBAuditor provider. Performance statistics are gathered for each Security Service Module in your ALES installation. In order to collect performance statistics for an SSM, you must enable and configure a PerfDBAuditor provider for that SSM.

Adding a PerfDBAuditor Provider

To add a PerfDBAuditor provider to an SSM other than a WebLogic Server 9.x SSM, use the ALES Administration Console. See Using Performance Statistics with WebLogic Server 9.x for information about how to enable performance statistics collection with the WebLogic Server 9.x SSM.

  1. Open the Security Configuration folder.
  2. Open the Service Control Manager folder that contains the Security Service Module for which you want to enable performance statistics collection and then open the Security Service Module folder.
  3. Open the Auditing folder, and click Auditor.

    4. The Auditor page appears.

  4. Click Configure a new Perf DBAuditor.
  5. On the General tab, assign a name for the provider, and then click Create.
  6. Click the Details tab and configure the PerfDBAuditor. See Configuring Performance Statistics Collection for information about how to set these values.
  7. Click Apply to save your changes.
Note: Changes made to a provider do not take effect until after it is explicitly deployed and the associated Security Service Module is restarted.

After you have added a PerfDBAuditor provider to your SSM configuration, you can disable it either by removing it, or by unchecking the Enable Performance Statistics checkbox on the provider's Details configuration page in the ALES Administration Console.

Using Performance Statistics with WebLogic Server 9.x

To add a PerfDBAuditor provider to a WebLogic Server 9.x SSM, use the WebLogic Server Administration Console:

  1. In the WebLogic Server Administration Console, navigate to Security Realms > <active security realm> > Providers > Auditing and click New.

    2. The Create a New Auditing Provider page appears.

  2. In the Name field, enter a name for the Auditing provider.
  3. From the Type drop-down list, select PerfDBAuditor as the type of the Auditing provider and click OK.
  4. Select Providers > Auditing and click the name of the new Auditing provider to complete its configuration.
  5. On the Configuration: Provider-Specific page for the Auditing provider, set the desired values. See Configuring Performance Statistics Collection for information about how to set these values.
  6. Click Save to save your changes.
  7. In the Change Center, click Activate Changes and then restart WebLogic Server.

After you have added a PerfDBAuditor provider to your SSM configuration, you can disable it either by removing it, or by unchecking the Enable Performance Statistics checkbox on the provider's Provider-Specific configuration page in the WebLogic Server Administration Console. You must then restart WebLogic Server for this change to take effect.

Limitations of Performance Statistics in the WebLogic Server 9.x SSM

Performance statistics for authorization in the WebLogic Server 9.x SSM are available only if you use the ASI Authorization provider. Performance statistics for authentication in the WebLogic Server 9.x SSM are not available unless you use the SSM Java API for authentication.

 

Configuring Performance Statistics Collection

Any changes in the configuration of the PerfDBAuditor provider require restarting the SSM to take effect. You can configure the following settings in the PerfDBAuditor provider:

Basic Behavioral Settings

Performance Statistics Interval

The interval setting specifies data collection interval, in minutes. This determines the length of periods during which the performance statistics data is accumulated before it is dumped to the database tables. All of the internal statistics counters are reset at the beginning of each interval. It should be a positive integer number. Required. The default is 5 minutes.

Performance Statistics Duration

You can collect performance statistics either in circular buffer mode or continuous mode. Circular buffer mode means that, after a specified amount of time elapses, new records are written over the oldest records from the same SSM in the database tables. This prevents performance statistics from growing to an unlimited extent. In continuous mode, records are not overwritten, but there is no limit imposed by the performance statistics feature to the potential size of the database tables.

The Performance Statistics Duration setting specifies whether to operate in circular buffer mode or continuous mode. A positive integer value causes performance statistics to be collected in circular buffer mode and specifies, in minutes, how long the statistics collection proceeds before new records start to overwrite the oldest ones. A special value of 0 means that no loopback will occur; statistics collection proceeds in continuous mode. The value of this field should be either a positive integer number, greater than the interval, or 0, which is the default. It is a required setting.

In either mode, when an SSM is restarted, all previously existing data is cleaned from the database. Performance statistics data is not preserved across SSM restarts.

Enable Performance Statistics

The Enable Performance Statistics checkbox specifies whether the performance statistics collection is enabled or disabled. It serves as a temporary means of disabling the statistics collection without removing the PerfDBAuditor provider from the SSM's configuration. You must restart the SSM after changing this setting before it will take effect. Required. The default is enabled.

Database Connection Settings

JDBC Driver Classname

Specifies which Java class will be used for communication with the database. Required; the default is oracle.jdbc.driver.OracleDriver.

JDBC Connection URL

Specifies the connection string to use with the specified driver class. Formats for the database URL and driver class name vary depending on the type of database you are using. For example:

Required.

Database User Login

Specifies the login name of database user with sufficient rights for working with the performance-related tables. This user must possess write and delete privileges for those tables. Required.

Database User Password

The password for the database user specified in the login setting. This password will be stored, in an encrypted form, in the ALES User Store and distributed to the SSM for accessing the database. Required.

JDBC Connection Properties

A parameter for specifying any additional database connection properties that may be needed, in name=value format. Optional.

Database Table Settings

The following specify elements of the database schema used for storing performance statistics data. The default database tables are part of the default ALES database schema. If you for some reason need to use different tables, you need to create them yourself in your database schema.

Authentication Statistics Table

The name of the table that contains authentication-related performance statistics. Optional, but at least one of Authentication Statistics Table or Authorization Statistics Table must be present. Default value is PERF_ATH_STAT.

Authorization Statistics Table

The name of the table that contains authorization-related performance statistics. Optional, but at least one of Authentication Statistics Table or Authorization Statistics Table must be present. Default value is PERF_ATZ_STAT.

Authorization Attributes Statistics Table

The name of the table that contains authorization attributes-related performance statistics. Optional. The default value is PERF_ATZ_ATTR_STAT.

Authorization Functions Statistics Table

The name of the table that contains authorization functions-related performance statistics. Optional. The default value is PERF_ATZ_FUNC_STAT.

 

Using Performance Statistics

The ALES performance statistics feature gathers the following information, for each SSM configuration ID and host name, aggregated for each time interval specified by the Performance Statistics Interval setting:

Performance statistics are stored in the database tables described in Performance Statistics Database Schema. To access the performance statistics, use SQL to retrieve the information you are interested in.

Remember that when an SSM is restarted, all previously existing data is cleaned from the database. Performance statistics data is not preserved across SSM restarts. Note also that performance statistics entries are uniquely identified by hostname and the ConfigID of the SSM; if you have two SSMs on the same host with the same ConfigID, their performance records will collide and only one will be stored successfully.

Performance Statistics Database Schema

Performance statistics are stored in four tables in the standard ALES database schema:

Authentication Statistics Table: PERF_ATH_STAT

This table contains authorization-related performance statistics.

Table 7-1 Authentication Statistics Table: PERF_ATH_STAT
Column
Type
Description
location
varchar(100)
The SSM that is the source of the statistics, recorded as <hostname> + <SSM Configuration ID> + AthEvent
id
number(12)
A sequential record ID.
starttime
date
The starting time of the interval.
interval
number(12)
The length of the interval in seconds.
totalreq
number(12)
The total number of authentication requests during the interval.
successes
number(12)
The number of successful authentication requests during the interval.
avrlatency
float(10)
Average request latency in milliseconds.

Authorization Statistics Table: PERF_ATZ_STAT

This table contains authorization-related performance statistics.

Table 7-2 Authorization Statistics Table: PERF_ATZ_STAT
Column
Type
Description
location
varchar(100)
The SSM that is the source of the statistics, recorded as <hostname> + <SSM Configuration ID> + AtzEvent
id
number(12)
A sequential record ID.
starttime
date
The starting time of the interval.
interval
number(12)
The length of the interval in seconds.
totalreq
number(12)
The total number of authorization requests during the interval.
successes
number(12)
The number of successful authorization requests during the interval.
avrlatency
float(10)
Average request latency in milliseconds.

Authorization Attributes Statistics Table: PERF_ATZ_ATTR_STAT

This table contains performance statistics related to user attributes required for policy evaluation during authorization.

Table 7-3 Authorization Attributes Statistics Table: PERF_ATZ_ATTR_STAT
Column
Type
Description
location
varchar(100)
The SSM that is the source of the statistics, recorded as <hostname> + <SSM Configuration ID>> + AtzAttr
id
number(12)
A sequential record ID.
name
varchar(100)
The name of the attribute for which statistics are collected.
totalreq
number(12)
The total number of authorization requests requiring this user attribute for evaluation during the interval.
avrlatency
float(10)
Average request latency in milliseconds.

Authorization Functions Statistics Table: PERF_ATZ_FUNC_STAT

This table contains performance statistics related to external functions called during authorization.

Table 7-4 Authorization Functions Statistics Table: PERF_ATZ_FUNC_STAT
Column
Type
Description
location
varchar(100)
The SSM that is the source of the statistics, recorded as <hostname> + <SSM Configuration ID> + AtzAttr
id
number(12)
A sequential record ID.
name
varchar(100)
The name of the external function for which statistics are collected.
totalreq
number(12)
The total number of authorization requests calling this external function during the interval.
avrlatency
float(10)
Average request latency in milliseconds.


  Back to Top       Previous  Next