Symantec Access Management

 View Only

Visual Aid to Identity Suite Provisioning Tier Performance Updates

  • 1.  Visual Aid to Identity Suite Provisioning Tier Performance Updates

    Posted Mar 12, 2018 07:01 PM

    Team,

     

    We usually provide updates to the default installation of the CA Identity Suite solution in tech notes, or design document.    While these help, and with the use of the community site to collect these; I have found that creating a visual representation of these processes helps during initial discussions and to lower the learning curve challenge to new processes.

     

     

    I have created a document, that captures the performance updates, that I and others have collected over the years, to assist with your own projects or upgrades.   I strongly recommend the use of Jmeter or similar tools to capture your before metrics and after metrics, to demonstrate to yourself, that these updates do have value.

     

     

    I have selectively pulled some of the diagrams from this PDF document to demonstrate what can be done to enhance the default installation to scale to larger number of transactions.

     

     

    BEFORE STATE:

     

     

    AFTER STATE:

     

     

     

    We have included other updates that will assist as well, e.g. AV exclusions, Log file rotation, selectively update paging for the CX JNDI (LDAP) connectors.

     

     

    RIGHT SIZING:  Use Jmeter (open source tool), to build your LDAP testing process, and "push-the-solution-to-failure" to identify WHEN you should horizontally scale.  This process will demonstrate where the "bottleneck" is within your solution stack.     

     

    As a guideline, the only "bottlenecks" for the Identity Suite solution, should be the managed endpoints response or the I/O of the disks for the objectstore database (e.g. HDD on SANS).     If these are the only bottlenecks, they can be addressed with additional connection pools (horizontally scale) and/or SSD/flashram for SANS systems.

     

     

    Cheers,

     

    Alan 

     

    Enclosing current document; and an older supporting document using the IAMCS connector as the provisioning load-balancer and how to validate.