Note: If you enable X11 libraries on the vApp, you may wish to use the GUI version of jboss-cli.sh to review the ca-stanalone-full-ha.xml on the vApp; and make changes with low risk, as the tool will prevent changes that it will not accept.
Original Message:
Sent: 06-21-2021 08:45 PM
From: Alan Baugher
Subject: Re: Performance Notes for CA Identity Manager (IM)
Hi Rafael,
For the JVM arguements, there are three files that the 'config' ID has access to. Any update here will overwrite about 90% of any predefined JVM settings.
/opt/CA/VirtualAppliance/custom/IdentityManager/jvm-args.conf/opt/CA/VirtualAppliance/custom/IdentityGovernance/jvm-args.conf/opt/CA/VirtualAppliance/custom/IdentityPortal/jvm-args.conf
{also a JVM custom configuration file for JCS: /opt/CA/IdentityManager/ConnectorServer/data/jvm_options.conf }
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-suite/14-4/virtual-appliance/administering-virtual-appliance.html#concept.dita_484b93c7f06198e8b27adcc2537229358eb17777_CustomJVMArguments
For updates to the primary configuration files of ca-standalone-full-ha.xml, you will need to use a Wildfly management ID.
The vApp has a sudo command for the 'config' user to add Wildfly application [-a switch] and/or management IDs. [-m switch]
sudo /opt/CA/wildfly-idm/bin/add-user.sh -m -u jboss-admin -p Password01!
Then you can build your jboss-cli.sh scripts.
IMPORTANT NOTE: Always use "batch" mode, to avoid impacting startup of Wildfly with incorrect values.
Batch mode will rollback any changes that it can not accept.
Examples for update using jboss-cli.sh CLI scripts (with batch mode).
https://anapartner.com/2020/04/26/advanced-oracle-jdbc-logging/
Cheers,
Alan
------------------------------
Alan Baugher
ANA Technology Partner (anapartner.com)
Original Message:
Sent: 06-21-2021 07:07 PM
From: Rafael Nicola Dias de Oliveira Sousa
Subject: Re: Performance Notes for CA Identity Manager (IM)
Hi Alan,
How can I do that in VAPP 14.3 ? These files are read only.
Original Message:
Sent: 03-05-2021 03:11 PM
From: Alan Baugher
Subject: Re: Performance Notes for CA Identity Manager (IM)
If you are seeing delays with Startup and the other improvements have not address the delay between STEP4 and STEP5, you may wish to increase the bandwidth of the messaging bus.
The documentation has notes on adjustments for this via ejbs.
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-3/installing/install-on-jboss-or-wildfly/fine-tune-jboss-or-wildfly-configurations.html
The files are exposed for the 'config' userID to update on the vApp as well.
#### If you need to start quicker until performance tweaks resolve this issue ###
If the startup time is > 10 minutes, you can short cut the IMPS provisioning roles sync (where Provisioning Role names are checked against the IM_ROLE table). During STEP4, and after 10 minutes, stop the imps service (imps stop ), wait 5 minutes, then restart imps service (imps start).
This will interrupt the provisioning server sync process, and allow the IME to continue to start.
- If all Provisioning Roles are created via the IME, this is low risk; as this is top-tier architecture and top-to-bottom data flow.
- If any Provisioning Role is created via the IMPS GUI, then please allow the sync to occur at least once to keep the tables in sync.
------------------------------
Alan Baugher
ANA Technology Partner (anapartner.com)
Original Message:
Sent: 03-05-2021 02:12 PM
From: Alan Baugher
Subject: Re: Performance Notes for CA Identity Manager (IM)
Hi Suresh,
The IM screen indexes need to be added after an IME is created.
The official notes are still in the readme file in the IAMSuite samples folder.
If you have access to the Oracle SQL Developer UI, and the IM Database, you can paste the few lines into the UI and commit them.
------------------------------
Alan Baugher
ANA Technology Partner (anapartner.com)
Original Message:
Sent: 02-22-2021 09:49 AM
From: Suresh Vaidyam
Subject: Re: Performance Notes for CA Identity Manager (IM)
Hi Alan,
The changes that are mentioned in PDF's for performance improvement in main post is this applicable to VAPP 14.3, or this are already implemented in VAPP14.3.
We are trying to get screen indexes done in Oracle DB.
Thanks
Suresh
Original Message:
Sent: 07-27-2018 12:23 PM
From: Alan Baugher
Subject: Re: Performance Notes for CA Identity Manager (IM)
Team,
Just a reminder; even on the vApp or standalone deployments; do not forget to add indexes to the IM Screens Tables.
See the readme under the CA Identity Suite samples / tool kit / examples.
NOTE: These IM Screen Tables are built ONLY after an IME is created. If you delete an IME, you will need to re-add these indexes upon creating the new IME.
<Paste in this section to allow easier search ability:>
config@vapp0001 VAPP-14.1.0 (192.168.242.146):/opt/CA/IdentityManager/IAM_Suite/IdentityManager/tools/samples/ObjectStore >
config@vapp0001 VAPP-14.1.0 (192.168.242.146):/opt/CA/IdentityManager/IAM_Suite/IdentityManager/tools/samples/ObjectStore > cat Readme.txt
The following files will add indices for Objectstore tables IM_SCREEN_LD & IM_SCREEN_FIELD_LD.
objectstore_db_oracle.sql
objectstore_db_sqlserver.sql
Please note that the tables must exist before attempting to run these files. Also, these tables are not created if no environment exists i.e. this is a fresh installation, hence the files should be run AFTER environment creation.config@vapp0001 VAPP-14.1.0 (192.168.242.146):/opt/CA/IdentityManager/IAM_Suite/IdentityManager/tools/samples/ObjectStore >
config@vapp0001 VAPP-14.1.0 (192.168.242.146):/opt/CA/IdentityManager/IAM_Suite/IdentityManager/tools/samples/ObjectStore > cat objectstore_db_oracle.sql
-- Adding indices for Objectstore tables IM_SCREEN_LD & IM_SCREEN_FIELD_LD
create index idx_IM_SCREEN_LD on IM_SCREEN_LD(REF_ID);
create index idx_IM_SCREEN_FIELD_LD on IM_SCREEN_FIELD_LD(REF_ID);
commit;
config@vapp0001 VAPP-14.1.0 (192.168.242.146):/opt/CA/IdentityManager/IAM_Suite/IdentityManager/tools/samples/ObjectStore >
EXAMPLE BEFORE: (no indexes on the two IM Screen Tables)
CREATING INDEXES:
- Copy/Paste example from CA Identity Suite samples; update for your correct naming convention for these two (2) tables, e.g. service_id.IM_SCREEN_LD & service_id.IM_SCREEN_FIELD_LD
AFTER EXAMPLE: Indexes added
Test your startup & Run-n-Operate metrics before and after.
Cheers,
Alan