Provisioning settings for OIM, Tuning Parameters, Server Configuration




  •  OIM Managed Server Heap

Change the following parameters in <DomainHome>/bin/setSOADomainEnv.sh in the OIM domain:

DEFAULT_MEM_ARGS="-Xms4096M -Xmx4096M"
PORT_MEM_ARGS="-Xms4096M -Xmx4096M"

Add the following parameters to <DomainHome>/bin/setDomainEnv.sh:

XML Caching
-Djavax.xml.parsers.DocumentBuilderFactory=weblogic.xml.jaxp.RegistryDocumentBuilderFactory
-Djavax.xml.parsers.SAXParserFactory=weblogic.xml.jaxp.RegistrySAXParserFactory

Protocol Stack
-Djava.net.preferIPv4Stack=true

Example:
EXTRA_JAVA_PROPERTIES="${EXTRA_JAVA_PROPERTIES}
-Djavax.xml.parsers.DocumentBuilderFactory=weblogic.xml.jaxp.RegistryDocumentBuilderFactory
-Djavax.xml.parsers.SAXParserFactory=weblogic.xml.jaxp.RegistrySAXParserFactory
-Djava.net.preferIPv4Stack=true"

export EXTRA_JAVA_PROPERTIES



  • GC Tuning of OIM Server

Add the following JAVA_OPTIONS in <DomainHome>/bin/setDomainEnv.sh.
-Xns1024m -XXkeepAreaRatio:25 -Xgc:pausetime
-XpauseTarget:200ms -XXnoSystemGC -Xgc:genpar -Xverbose:gc -Xverboselog:<path>


  • Datasource Tuning
Set the following parameters for each OIM and SOA datasource:




  • JTA Tuning
Note:
JTA transaction time out < DataSource XA Transaction Timeout < distributed_lock_timeout (at DB).

distributed_lock_timeout (in DB): 360

SQL> select value from v$parameter where upper(name) = 'DISTRIBUTED_LOCK_TIMEOUT';
SQL> alter system set distributed_lock_timeout=360 scope=spfile;

Set the JTA parameters from the WLS console:

Navigate to Services > JTA

Timeout Seconds = 300
Under Advanced: Maximum resource requests on a server = 800

  •  JMS Queue
 Navigate to Services > Messaging > JMS Servers > OIMJMSServer. Change the Message Buffer Size to 1073741824 (1GB).

 Navigate to Services > Messaging > JMS Servers > OIMJMSServer > Thresholds > Quota: Change Messages Maximum: 1000000

  • WLS Protocol (optional)
Increase the protocol message size setting as below if 'weblogic.socket.MaxMessageSizeExceededException' is encountered:

1. Log in to the <OIM DOMAIN> Weblogic admin console.
2. Navigate to Environment > Servers > OIM server > Protocols > General tab.
3. Change the value of 'Maximum Message Size' to a larger value, for example 50000000. The default value is 10000000.


  •  Work Managers
 Navigate to Environment > Work Managers.

o Change Count from 20 to 500 for MaxThreadsConstraint-0
o Change Count from 80 to 2000 for MaxThreadsConstraint-1

Note:
Keep the ratio 1:4


  • OIM Configuration
The following OIM configurations are stored in the oim-config.xml file in MDS. To make the changes, export oim-config.xml from MDS, edit the values, and import the file back into MDS.

  •  OIM Cache Tuning

For clustered setup, tune the OIM cache in the oim-config.xml by setting "clustered" and "enabled" to "true" as shown below:



OIM Broadcast Message
OIM ships with the following default multicast IP addresses in oim-config.xml. If they are NOT changed, broadcast messages will spread across multiple environments in the same subnet.
......
<xLCacheProviderProps multicastAddress="235.10.05.105" size="5000">
......


<schedulerConfig DSJndiURL="jdbc/operationsDB" clustered="true" dataBasePoolSize="10" databaseDelegate="org.quartz.impl.jdbcjobstore.StdJDBCDelegate" implementationClass="oracle.iam.scheduler.impl.quartz.QuartzSchedulerImpl" instanceID="AUTO" multicastAddress="236.16.16.225" nonTxnDSJndiURL="jdbc/oimJMSStoreDS" quartzTablePrefix="QRTZ92_" schedulerUser="xelsysadm" startOnDeploy="true" threadPoolSize="10"><pluggableParams>


  •  OIM DirectDB Configuration
Update the connection string with the following format. An example is provided below.
<directDBConfigParams checkoutTimeout="1200" connectionFactoryClassName="oracle.jdbc.pool.OracleDataSource" connectionPoolName="OIM_JDBC_UCP" driver="oracle.jdbc.OracleDriver" idleTimeout="360" maxCheckout="1000" maxConnections="5" minConnections="2" passwordKey="OIMSchemaPassword" sslEnabled="false" url="jdbc:oracle:thin:@(DESCRIPTION =(ADDRESS=(PROTOCOL=TCP)(HOST=scan-host)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=srvName.us.oracle.com)))" username="OIM_OIM" validateConnectionOnBorrow="true">

Note:
The DB connection string should use the SCAN address to connect to the RAC DB.


  • Max Connections Tuning
Change the default value of maxConnections="5" to maxConnections="100".
<directDBConfigParams checkoutTimeout="1200" connectionFactoryClassName="oracle.jdbc.pool.OracleDataSource" connectionPoolName="OIM_JDBC_UCP" driver="oracle.jdbc.OracleDriver" idleTimeout="360" maxCheckout="1000" maxConnections="100" minConnections="2" passwordKey="OIMSchemaPassword" sslEnabled="false" url="jdbc:oracle:thin:@(DESCRIPTION =(ADDRESS=(PROTOCOL=TCP)(HOST=scan-host)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=srvName.us.oracle.com)))" username="OIM_OIM" validateConnectionOnBorrow="true">


  • OIM Deployment Mode
For a clustered setup, change the Deployment Mode from “simple” to “cluster” in oim-config.xml by setting the "deploymentMode" element as shown below:
<deploymentConfig>
<appServerName>weblogic</appServerName>
<initialContextFactory>weblogic.jndi.WLInitialContextFactory</initialContextFactory>
<dataBaseType>oracle</dataBaseType>
<deploymentMode>cluster</deploymentMode>
</deploymentConfig>
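
The checks above (default multicast addresses, DirectDB maxConnections, deployment mode) can be run against an exported oim-config.xml before it is imported back into MDS. The script below is an added example, not part of the original post or of Oracle's tooling; the `<oimConfig>` wrapper and trimmed attributes in the sample are constructed, a clustered deployment is assumed, and the sslEnabled value is reported for review only.

```python
import xml.etree.ElementTree as ET

# Defaults quoted on the page; leaving them in place lets environments
# on the same subnet exchange cache/scheduler multicast traffic.
DEFAULT_MULTICAST = {"xLCacheProviderProps": "235.10.05.105",
                     "schedulerConfig": "236.16.16.225"}

# Constructed sample: a hypothetical <oimConfig> wrapper around the elements
# shown on the page (attributes trimmed); not a real exported file.
SAMPLE = """<oimConfig>
  <xLCacheProviderProps multicastAddress="235.10.05.105" size="5000"/>
  <schedulerConfig clustered="true" multicastAddress="236.16.16.225"/>
  <directDBConfigParams maxConnections="5" sslEnabled="false"/>
  <deploymentConfig><deploymentMode>simple</deploymentMode></deploymentConfig>
</oimConfig>"""

def local(tag):
    """Strip an XML namespace prefix such as '{uri}name'."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return a list of findings for an exported oim-config.xml."""
    findings = []
    seen_mode = False
    for el in ET.fromstring(xml_text).iter():
        name = local(el.tag)
        default = DEFAULT_MULTICAST.get(name)
        if default and el.get("multicastAddress") == default:
            findings.append(f"{name}: default multicastAddress {default}")
        if name == "directDBConfigParams":
            if el.get("maxConnections") == "5":
                findings.append("directDBConfigParams: maxConnections still 5")
            if el.get("sslEnabled", "false").lower() != "true":
                findings.append("directDBConfigParams: sslEnabled is not true")
        if name == "deploymentMode":
            seen_mode = True
            if (el.text or "").strip() != "cluster":
                findings.append("deploymentMode: not 'cluster'")
    if not seen_mode:
        findings.append("deploymentMode: element missing")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING", finding)
```
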


  •  OIM Audit
Audit Level = Resource Form

Note:
This is the default audit level and is strongly recommended.


  • OIM Bulkload Scheduler Job
Navigate to OIM Advanced Console > Search Scheduled Jobs.
Search for the "Bulk Load PAAS Users" scheduled job.
Change the value for "Number of Bulk Load Threads" as below:
Number of Bulk Load Threads = 20

Note:
This is the default value and is recommended. We recommend that you do not add more than 50 threads.

Job Periodic Settings = 30 minutes. This parameter determines how frequently the BulkUpload process runs.


  • LDAP Sync Tuning Parameters
These are general OIM, OVD and OID configuration parameters that should be considered for tuning based on the load, hardware and volume when LDAP Sync with OVD/OID is enabled.



 IT Resource configuration:
1. Log in to OIM > Advanced Console.
2. Configuration > Manage IT Resource.
3. Choose Directory Server for type and search.
4. Edit the Directory Server field:

 Initial pool size: 20 (initially 5)
 Max pool size: 200 (initially 10)
 Min pool size: 20 (initially 5)

LDAP Sync Incremental Reconciliation Tasks
o LDAP User Create and Update Reconciliation
o LDAP Role Create and Update Reconciliation
o LDAP Role Hierarchy Reconciliation
o LDAP Role Membership Reconciliation


1. Log in to OIM > Advanced Console.
2. System Management > Search Scheduled Jobs.
3. Search for the above mentioned jobs.
4. Edit Parameters > Batch Size: 100 - 500.
5. Job Periodic Settings > 1 minute.

Note1:
Make similar changes for all the above mentioned jobs.

Note2:
The OIM Orchestration cleanup (Orchestration Process Cleanup Task) is an important scheduled job, and should run every 5 minutes. Set the batch size of this scheduled
