Oracle Access Manager uses the Oracle Dynamic Monitoring Service (DMS) to measure application specific performance information for both OAM Servers and Agents. This chapter provides the following topics:
Note:
This chapter describes how to use Oracle Access Manager to monitor performance metrics. However, you can also use Oracle Enterprise Manager Fusion Middleware Control to monitor Oracle Access Manager performance metrics, as follows:Select Oracle Access Manager under Identity Management to go to the home page.
On the Home page you can monitor Oracle Access Manager.
Select Performance from the Oracle Access Manager menu to view performance metrics.
Metric collection is the mechanism by which components collect information in memory for particular events. Based on these events, you can monitor the time spent in a particular area or track particular occurrences or state changes. These metrics are kept only in memory and there are several mechanisms to extract and display them: EM, dmsSpy, dmsDump, for instance.
Administrators can monitor performance for Oracle Access Manager 11g using the Monitoring command from the System Configuration tab, Actions Menu.
The OAM Proxy provides the same or comparable throughput as the Oracle Access Manager 10g Access Server. Throughput refers to the number of requests processed per second. Latency refers to the time required to process a particular request. There is less than a 20% latency increase with the introduction of a proxy between WebGate and OAM Server.
Performance of the OAM Proxy can be tuned by changing its configuration through the Java EE container Administration Console. Both the Java EE container Administrator and the OAM Administrator can tune performance.
Metric | Description |
---|---|
handshakes.active |
Number of active threads doing handshake |
handshakes.avg |
Average time spent performing initial handshake |
handshakes.completed |
Number of times an initial handshake has been executed |
handshakes.maxTime |
Maximum time spent performing initial handshake |
handshakes.minTime |
Minimum time spent performing initial handshake |
handshakes.time |
Total time spent performing initial handshake |
failedHandshakes.count |
Count of failed handshakes |
peerCompatibilityFailures.count |
Count of how many Peer Compatibility Check Failures have happened |
openSecurityMode.count |
Count of how many Open Security Mode handshakes have happened |
simpleSecurityMode.count |
Count of how many Simple Security mode handshakes have happened |
SSLSecurityMode.count |
Count of how many SSL Security Mode handshakes have happened |
negotiateSecurityMode.active |
Number of active threads doing security mode negotiation |
To monitor an agent or server instance
From the System Configuration tab, navigation tree, locate and select the name of the instance to monitor:
OAM Agent Name
OSSO Agent Name
OAM Server Name
From the Actions menu, click Monitor and review metrics on the page that opens as described in following steps.
OAM Server: On the instance page that opens, view the results.
Server Processes Overview
Session Operations
Server Operations
OAM Agents
OAM Agent:
Connectivity
Operations Overview
Operations Detail
Information
OSSO Agent: On the instance page that opens, view the results.
Processes Overview
Operation Detail
This section describes how to review metrics for various components and how to determine whether tuning is needed. The following topics are included:
This section provides the following information:
Table 15-2 provides the tuning parameters for the OAM Proxy.
Table 15-2 OAM Proxy Tuning Parameters
Purpose | Parameter | Type | Value | Description |
---|---|---|---|---|
Throttle |
MaxGlobalBufferSize Note: Proxy server can limit (throttle) the quantity of requests within a specified amount of time not to be exceeded by the proxy server to avoid crashes due to unavailability of resources (like memory. In such cases, a status code is returned indicating that the client should temporarily route requests to other servers |
Integer |
The maximum memory in KB of the message queue across all the connections. If this value is exceeded, OAM proxy will not accept further requests on a connection. If a value of 0 or less than 0 is specified, this parameter will not be used |
|
Denial of Service Attacks |
ConnectionValidationInterval |
Integer |
120 |
The time interval in seconds for validating the connections periodically for denial of service attacks |
BacklogQueue |
Integer |
50 |
Maximum length of backlog queue |
|
MaxNAPHandShakeTime |
Integer |
100 |
The maximum time in milliseconds within which the client should complete the NAP handshake with client. If NAP handshake over a connection is not completed within this time, the connection will be marked as malicious |