Tuesday Jul 09, 2013

Necessity is the mother of invention: Technical Solutions Developed in the Field by Kishan Malineni (Accenture)

As promised in last week’s post, today we will go into tuning specifics and address well proven tricks of the trade, used by IAM guru’s to maximize your solution while addressing the requirements of global organizations.

 

In this post we will use a specific, anonymous project example to walk you through the process, specifically:

  1. Setting the Stage: Establish Service Level Agreements and Critical Project Metrics
  • In our example, the goal was to support page load times for OIM access requests of less than 5 seconds for 40 concurrent users. All of this would have to be possible with a 100,000+ active user base dispersed globally.
  1. Approach:
  • Accenture teamed with Oracle Product Development and Field Engineering to troubleshoot the performance issues
  • Identify the issues and release appropriate Merge Label Requests (patches) on top of Bundle Patch 06
  • Secure Socket Layer (SSL) Certificates presented a unique scenario, which when pushed to all end users through a Group Policy Object (GPO), they decreased load time for the pages listed below by up to 15 seconds:
      • Login page
      • Home page/dashboard
      • User Search
      • User account details
  1. Getting Started in your Implementation:
  • Technical Steps
  • Proactively teaming with Oracle 

4.      Challenges:

  • Single server location presents network concerns for distributed user base which compounds the need for high application performance.
  • Internet Explorer is client standard and is dramatically slower than open source browsers due to the complex ADF framework.
  • Traditional downtime non-existent with users in time zones across the globe
  • Despite having 4 physical servers with 8 managed nodes, page load times were not meeting the 5 second or less requirement
  • This client was an early adopter of 11gR2 release, as part of the Oracle Beta program

 

The goal for any new software implementation is for it to be fast and that’s no different for this Global Financial Services client. The Accenture team worked closely with the client to address numerous requirements including mapping complex provisioning, de-provisioning, and numerous other lifecycle changes.

 

Naturally for requirements as demanding as these, a robust technical architecture was required. Within the Design Phase and into the Test Phase, the Accenture team was seeing page load times of more than five seconds.

 

After engaging Oracle via a service request, the project team was able to engage Oracle engineers to specifically resolve the performance issues that were identified. Initially, baselines were taken across multiple browsers including Internet Explorer 8, Mozilla Firefox, and Google Chrome. Oracle was able to help the project team to identify a bundle patch that was expected to dramatically decrease page load times. With the OIM code fully optimized, the magnifying glass could be applied to the browsers within the client’s enterprise standard builds.  

 

Through a collaborative effort involving extensive testing, it was determined that Internet Explorer 8 (IE8) required additional security certificates to be pushed to the intermediate store. Through this change, page load times decreased by up to 15 seconds. Fortunately, through a Group Policy Object, the client is able to push this change to all users within the enterprise.

 

With the help of Oracle Product Management, several iterations of testing were performed to collect test data and provide to the client stakeholder team. During this process Accenture and Oracle provided daily updates to the client to ensure awareness of all stakeholders.

 

Step 1 of Problem Solving:

The combined Oracle and Accenture team performed the following steps to dramatically improve the page load times for 40 concurrent users:

  • Modified Java Virtual Machine settings and increased memory to each managed node
  • Applied Bundle Patch 04
  • Applied performance patch for Catalog and My Access which provided the following page load times:

 

Step 2: The Project Team and Oracle Team then performed the following changes:

  • Modified OIM operations, Java message service, SOA, applications data sources
  • Applied HTTP compression
  • Applied performance patch for user profile/search
  • Disabled web cache

 

 

Step 3: After seeing a dramatic decrease in page load times, the final performance tweaks were applied:

 

  • Applied Bundle Patch 06
  • Applied Application Development Framework (ADF) Merge Label Request
  • Apply OIM Merge Label Request for User Interface Self Service Workflows
  • Internet Explorer 8 (IE8) specific Issues: Unchecking “Check for Server Certificate Revocation” within IE8. This update will be performed through a Group Policy Object (GPO) change.

 

Final Results:

 

Conclusion: Upon achieving the desired results for page load times the Accenture Project Team was able to deploy the OIM to Production environments.

   

While this client experience highlights specific examples of performance tuning for Oracle IAM, the approach and collaboration are just as critical and can be applied to many other implementation challenges.  Additionally, it is also critical to use industry leading practices for planning and implementing your IAM program, including:

  • Clustering OIM managed servers
  • Clustering SOA servers
  • Using Oracle database real application cluster
  • Using fully qualified domain names
  • Ensure ports used are non-conflicting and similar across the clustered servers
  • Utilizing Coherence for SOA (SOA clustering)
  • Oracle HTTP Server configuration is critical to load balance between clustered servers correctly
  • Set ideal connection pool settings, message buffer size, caching, statement cache size, inactive connection timeout parameters for the system data sources deployed with OIM

Implementing a high performance IAM implementation will have a substantial impact on the success of your team and your program and it requires a combination of well-trained IAM SMEs, clearly established metrics and SLAs, leveraging best practices and industry leading solutions, and most importantly a strong collaborative approach across teams.

Please stay tuned for next week’s series installment on The Art & Science of Performance Tuning of Oracle IAM 11gR2 where we will share war stories of clients across industries finding paths to success with Oracle IAM and Accenture

About

Oracle Identity Management is a complete and integrated next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. Oracle Identity Management enables secure user access to resources anytime on any device.

Search

Archives
« July 2013 »
SunMonTueWedThuFriSat
 
3
4
5
6
7
8
13
14
18
19
20
21
22
24
25
26
27
28
29
30
   
       
Today