test

Sun Identity Manager 8.1 System Administrator's Guide

Chapter 1 Configuring Identity Manager Server Settings

This chapter describes how to set Identity Manager properties and configure your Identity Manager servers to run specific tasks.

The information in this chapter is organized into the following topics:

Using Waveset.properties to Configure Identity Manager

Some Identity Manager settings can only be updated by editing Waveset.properties in a text editor. The Waveset.properties file is located in the config directory in your base Identity Manager installation directory ($WSHOME/config or %WSHOME%/config).

The Waveset.properties file is loosely organized into the following sections:

ProcedureTo Edit Waveset.properties

  1. In a text editor, open Waveset.properties, which is located in the config directory in your base Identity Manager installation directory ($WSHOME/config or %WSHOME%/config).

  2. Modify the setting (or settings) that you want to change and save the file.

  3. Repeat as needed on other Identity Manager instances.

Using the Administrator Interface to Configure Identity Manager

This section provides basic instructions for using the Administrator tool to configure server-specific settings for reconciler, scheduler, JMX and other tasks.

ProcedureTo Configure Identity Manager Settings from the Administrator Interface

To edit server-specific settings that enable Identity Manager servers to run only specific tasks

  1. In the Administrator interface, click Configure -> Servers.

    The Configure Servers page opens.

  2. When the Configure Servers page displays, click a server name in the list.

    Identity Manager displays the Edit Server Settings page.

  3. Modify the settings on the Edit Server Settings page that you want to change, and then click Save.

Reconciler Settings

The reconciler is the Identity Manager component that performs reconciliation. To learn about reconciliation, see Account Reconciliation in Sun Identity Manager 8.1 Business Administrator’s Guide.

This section provides instructions to help you perform the following tasks:

Note –

For information about tuning and troubleshooting the reconciler, see Chapter 5, Tracing and Troubleshooting.

ProcedureTo Configure Reconciler Settings

Use the following steps to configure the Reconciler:

  1. Follow the steps described in Using the Administrator Interface to Configure Identity Manager.

  2. Select the Reconciler tab.

    Reconciler settings display on the Edit Server Settings page by default.

  3. Accept the default values or deselect the Use the default option to specify custom values.

    Note –

    To change the default reconciler settings used by Identity Manager servers, see Editing Default Server Settings.

  4. Configure the following settings.

    • Parallel Resource Limit. Specify the maximum number of resource threads that the reconciler can process in parallel. Resource threads allocate work items to worker threads, so if you add additional resource threads, you may also need to increase the maximum number of worker threads. For new installations, the default value is 3.

    • Minimum Worker Threads. Specify the number of processing threads that the reconciler will always keep alive. For new installations, the default value is 2.

    • Maximum Worker Threads. Specify the maximum number of processing threads that the reconciler can use. The reconciler will only start as many threads as the workload requires. This places a limit on that number. Worker threads automatically close if they are idle for a short duration. For new installations, the default value is 6.

ProcedureTo View Reconciler Status

Use the following steps to view reconciler status information:

  1. Open the Reconciler Status debug page by typing the following URL into your browser:

    http://<AppServerHost>:<Port>/idm/debug/Show_Reconciler.jsp

    Where AppServerHost is a host that has the reconciler enabled.

    Note –

    You must have the Debug capability to view /idm/debug/ pages. For information about capabilities, see Assigning Capabilities to Users in Sun Identity Manager 8.1 Business Administrator’s Guide.

  2. Refresh the Reconciler Status page to view updated reconciler status information. For additional information about this page, click Help.

Scheduler Settings

The scheduler component controls task scheduling in Identity Manager.

    To configure scheduler settings on a particular server,

  1. Follow the steps under Using the Administrator Interface to Configure Identity Manager.

  2. Select the Scheduler tab.

    You can accept the default values or deselect the Use default option to specify the following custom values.

    • Scheduler Startup. Select a startup mode for the scheduler on this server:

      • Automatic. Starts when the server is started. This is the default startup mode.

      • Manual. Starts when the server is started, but remains suspended until manually started.

      • Disabled. Does not start when the server is started.

    • Tracing Enabled. Select this option to activate scheduler debug tracing to standard output on this server.

    • Maximum Concurrent Tasks. Select this option to specify the maximum number of tasks, other than the default, that the Scheduler will run at any one time. Requests for additional tasks above this limit will either be deferred until later or run on another server.

    • Task Restrictions. Specify the set of tasks that can execute on the server. To do this, select one or more tasks from the list of available tasks. The list of selected tasks can be an inclusion or exclusion list depending on the option you select. You can choose to allow all tasks except those selected in the list (the default behavior), or allow only the selected tasks.

  3. Click Save to save your changes to the server settings.

To change the default scheduler settings for Identity Manager servers, see Editing Default Server Settings. For information about tuning and troubleshooting the scheduler, see Tuning the Scheduler and Tracing the Task Scheduler.

Email Template Server Settings

To configure SMTP server settings, follow the steps under Using the Administrator Interface to Configure Identity Manager. Select the Email Template tab.

Specify the default email server by clearing the Use Default selection and entering the mail server to use, if other than the default. The text you enter is used to replace the smtpHost variable in Email Templates.

Simple Mail Transfer Protocol (SMTP) is the standard for email transmissions across the Internet.

To change the default SMTP settings for Identity Manager servers, see Editing Default Server Settings.

Configuring JMX Monitoring

Java Management Extensions (JMX) is a Java technology that allows for managing and/or monitoring applications, system objects, devices, and service oriented networks. The managed/monitored entity is represented by objects called MBeans (for Managed Bean).

This section describes how to configure JMX on an Identity Manager server so that a JMX client can monitor the system for changes.

Note –

You can also configure Identity Manager to make audit events available using JMX. For information, see The JMX Publisher Type in Sun Identity Manager 8.1 Business Administrator’s Guide.

ProcedureTo Configure JMX Polling Settings

Use the following process to configure JMX polling settings on an individual server:

  1. Follow the steps described in Using the Administrator Interface to Configure Identity Manager. Select the JMX tab.

  2. Enable JMX cluster polling and configure the interval for the polling threads.

    Use the following options:

    • Enable JMX. Enables or disables the polling thread for the JMX Cluster MBean. To enable JMX, clear the default selection (Use the false default setting). Because of the use of system resources for polling cycles, enable this option only if you plan to use JMX.

    • Polling Interval (ms). Changes the default interval at which the server polls the repository for changes, when JMX is enabled. Specify the interval in milliseconds.

      The default polling interval is set to 60000 milliseconds. To change it, clear the check box for this option and enter the new value in the entry field provided.

  3. Click Save to save changes to the server settings.

    Note –

    To change the default JMX polling settings for Identity Manager servers, see Editing Default Server Settings.

Viewing JMX Data

Use a JMX client to view data gathered by JMX. JConsole, which is included in the JDK 1.5, is one such client.

Using JConsole Locally

To use JConsole on the same machine your server is running on, set the JAVA_OPTS property as follows:

-Dcom.sun.management.jmxremote

JConsole will connect using the correct PID.

Using JConsole Remotely

To use JConsole remotely, set the JAVA_OPTS property as follows:

Other settings may also be necessary depending on your environment. Refer to the JConsole documentation for more information.

Note –

You can also view JMX data by going to the Identity Manager debug page (http://host:port/idm/debug) and clicking the Show MBean Info button.

For more information on JMX, visit this website:

http://java.sun.com/javase/technologies/core/mntr-mgmt/javamanagement/docs.jsp

Editing Default Server Settings

The Default Server Settings feature lets you set the default settings for all Identity Manager servers. The servers inherit these settings unless you select differently in the individual server settings pages.

ProcedureTo Edit the Default Server Settings

  1. In the Administrator interface, click Configure -> Servers.

    The Configure Servers page opens.

  2. Click Edit Default Server Settings.

    The Edit Default Server Settings page opens.

    The Edit Default Server Settings page displays the same options as the individual server settings pages. For help, refer to the documentation for the individual server settings pages.

    Changes you make to each default server setting is propagated to the corresponding individual server setting, unless you have deselected the Use default option for that setting.

    Click Save to save changes to the server settings.