OID Tuning
- OID Search limits
Minimize the number for ‘Max no. of entries to be returned by a search’ to utilize the optimum memory resources ; Below screen is the default settings. Should change based on the requirements.
Maximum time allowed for a search to complete (sec) – change to 600
Anonymous Bind change to Disallow
- OID Performance
properties
Below screen tells the default setting..
Change the following parameters:
Number of OID
LDAP Server Processes = 4
[should be equal to the OS allocated CPUs ; for archTest CPUs are 4]
Number of DB Connections per Server Process= 10
[if 4 processes then 40 ldap connections]
LDAP Idle Connection Timeout (min) = 60
[default is 0]
Number of Dispatcher Threads per Server Process = 5120
Number of Dispatcher Threads per Server Process =10
[should be equal to the OS allocated CPUs ; for archTest CPUs are 4]
Number of DB Connections per Server Process= 10
[if 4 processes then 40 ldap connections]
LDAP Idle Connection Timeout (min) = 60
[default is 0]
Number of Dispatcher Threads per Server Process = 5120
Number of Dispatcher Threads per Server Process =10
Example:
1. Make sure the following attributes are Indexed in OID :[from
ODSM-Schemas tab and select the specified attribute in Attr definition screen right should be
checked the Indexed field] :
uid
cn
FTBUserList
uid
cn
FTBUserList
2. Indexing attributes using the catalog tool:
a) Set the ORACLE_HOME environment variable to the your IDM
ORACLE_HOME installation. If you’ve accepted the names given to you by the
Oracle Installer, this value is typically $MW_HOME/Oracle_IDM1. The catalog
tool is found under $ORACLE_HOME/ldap/bin
b) Set the ORACLE_INSTANCE environment variable to your IDM instance installation. If you’ve accepted the names given to you by the Oracle Installer, this value is typically $MW_HOME/asinst_1. Under $ORACLE_INSTANCE you should find a tnsnames.ora under the config folder. This is where the catalog tool gets your database connection details.
c) Run
$ORACLE_HOME/ldap/bin/catalog connect=”OIDDB” add=true attribute=”assistant”
b) Set the ORACLE_INSTANCE environment variable to your IDM instance installation. If you’ve accepted the names given to you by the Oracle Installer, this value is typically $MW_HOME/asinst_1. Under $ORACLE_INSTANCE you should find a tnsnames.ora under the config folder. This is where the catalog tool gets your database connection details.
c) Run
$ORACLE_HOME/ldap/bin/catalog connect=”OIDDB” add=true attribute=”assistant”
a. DB global
settings : Make sure the following parameters values should not be less than
the specified below values.
processes - 500
pga_aggregate_target - set this to 1-4GB, if sufficient RAM is available
job_queue_processes - Tune this parameter only if you are using Oracle Database Advanced Replication-based multi master replication
processes - 500
pga_aggregate_target - set this to 1-4GB, if sufficient RAM is available
job_queue_processes - Tune this parameter only if you are using Oracle Database Advanced Replication-based multi master replication
b.
Increase the DB connections (Optional):
Increase the DB connections for each process: Refer the step 2 for this param change..
Number of DB Connections per Server Process - 10 [this case, if we increasing the server processes to 4 then 40 db connections will consume]
Increase the DB connections for each process: Refer the step 2 for this param change..
Number of DB Connections per Server Process - 10 [this case, if we increasing the server processes to 4 then 40 db connections will consume]
Note:
* For all the above changes, requires to bounce the Oracle DB, OPMN processes.
* Requires to follow the above configurations for each OID instance installed host machine.
* For all the above changes, requires to bounce the Oracle DB, OPMN processes.
* Requires to follow the above configurations for each OID instance installed host machine.
OVD Tuning
Change the ulimit param to 8192
or unlimited
a) Set OVD admin &
wls_ods instances JVM settings
current:
/usr/java6_64/bin/java -Xms1024m -Xmx2048m
-Xms512m -Xmx1024m -Xss512K ???:
change to:
/usr/java6_64/bin/java -Xms2048m -Xmx2048m
current:
/usr/java6_64/bin/java -Xms1024m -Xmx2048m
-Xms512m -Xmx1024m -Xss512K ???:
change to:
/usr/java6_64/bin/java -Xms2048m -Xmx2048m
b) Latest
JDK:
Make sure the OVD configured to the Latest JDK installed on the host machine configured..
Presently Oracle_IDM1/jdk version is lower than the IBM Host machine default JDK version.
So, change the OVD JDK steps:
In opmn.xml file under <ias-component id=”ovd1”> change the jdk paths for the following tags..
<data id="java-bin" value="/usr/java6_64/bin/java"/>
----
<action value="exec /usr/java6_64/bin/java
----
<launch-targets>
<launch-target id="logquery">
<exec path="/usr/java6_64/bin/java"/>
Make sure the OVD configured to the Latest JDK installed on the host machine configured..
Presently Oracle_IDM1/jdk version is lower than the IBM Host machine default JDK version.
So, change the OVD JDK steps:
In opmn.xml file under <ias-component id=”ovd1”> change the jdk paths for the following tags..
<data id="java-bin" value="/usr/java6_64/bin/java"/>
----
<action value="exec /usr/java6_64/bin/java
----
<launch-targets>
<launch-target id="logquery">
<exec path="/usr/java6_64/bin/java"/>
c) Set the jvm memory
parameters in opmn.xml file
JVM Tuning in opmn.xml file..Change OVD JVM Memory to 2048m.
Change backend ldaps time out to 120sec [2 mins or least connection timeout of any configured backend ldap timeout]
Change backend ldaps time out to 120sec [2 mins or least connection timeout of any configured backend ldap timeout]
Increase the ping interval to 60 seconds (or more as needed) in the opmn.xml file.
When the system is busy, a ping from the Oracle Process Manager and Notification Server (OPMN) to Oracle Virtual Directory may fail. As a result, OPMN will restart Oracle Virtual Directory after 20 seconds (the default ping interval). To avoid this, consider increasing the ping interval to 60 seconds or more.
The ping interval can be modified in the
$ORACLE_INSTANCE/config/OPMN/opmn/opmn.xml as shown below:<process-type id="OVD" module-id="OVD">
<module-data>
<category id="start-options">
<data id="java-bin" value="$ORACLE_HOME/jdk/bin/java"/>
<data id="java-options" value="-server -Xms2056m -Xmx2056m -Dvde.soTimeoutBackend=120 -DdisableECID=1 -Didm.oracle.home=$ORACLE_HOME -Dcommon.components.home=$ORACLE_HOME/../oracle_common -Doracle.security.jps.config=$ORACLE_INSTANCE/config/JPS/jps-config-jse.xml"/>
<data id="java-classpath" value="$ORACLE_HOME/ovd/jlib/vde.jar$:$ORACLE_HOME/jdbc/lib/ojdbc6.jar"/>
</category>
</module-data>
<stop timeout="120"/>
<ping interval="60"/>
</process-type>
a)
Set the Threads configurations
based on the Server Processor cores
If the 4CPUs exists then 40 threads configurable
( A common configuration is to have 10 threads per CPU. For example, if there are 4 central processing units on the system, then there would be 40 threads.);
Connection Timeout set to specific time period;
Connection Timeout – 60 (minutes)
If the 4CPUs exists then 40 threads configurable
( A common configuration is to have 10 threads per CPU. For example, if there are 4 central processing units on the system, then there would be 40 threads.);
Connection Timeout set to specific time period;
Connection Timeout – 60 (minutes)
Set the following
param values in Listeners.os_xml (OVD/ovd1) file
<threads>1040</threads>
<anonymousBind>deny</anonymousBind>
<workQueueCapacity>8096</workQueueCapacity>
<socketOptions>
<threads>
<anonymousBind>deny</anonymousBind>
<workQueueCapacity>8096</workQueueCapacity>
<socketOptions>
<tcpNoDelay>true</tcpNoDelay>
...
</socketOptions>
...
</socketOptions>
<socketOptions>
<keepAlive>false</keepAlive> ...
</socketOptions>
----
----
<readTimeout>360000</readTimeout>
Make sure to apply the same changes for “LDAP
Endpoint” & “LDAP SSL Endpoint”
instances under Listener.os_xml file.
b) Set the higher level
of logger settings.
Logging Levels – change to Warning
Logging Levels – change to Warning
c) Set the Anonymous search to limit to restrict the load
from anonymous calls.
Anonymou search : disable
default: 1000 – change to lower the number.. or 0
Set the following param values in server.os_xml
<searchLimit>
Anonymou search : disable
default: 1000 – change to lower the number.. or 0
Set the following param values in server.os_xml
<searchLimit>
<anonymous>1000</anonymous>
<authenticated>10000</authenticated>
</searchLimit>
*******Not now the below.
d)
Close the inactive connections
of client from OVD
change the following in server.os_xml
change the following in server.os_xml
<inactiveConnectionTimeout>5</inactiveConnectionTimeout>
By default, OVD does not close any connections to a client no matter
how long the connection is idle. I recommend setting this to a value of 5
minutes so that connections that are idle are automatically closed. In such
cases, OVD will close the connection and a FIN will be sent to the client so as
to inform the client that the connection is closed by the server. The client
can send an ACK and terminate the connection to the server. This parameter is
in minutes.
- OVD-Adapter tuning
a) Access the ODSM interface, open the OIDGroups Adapter and change the source LDAP servers ‘Weight Value’ to 50 for each if there are 2 hosts exists – this change OVD will share the load equally to source ldaps.
b) in Routing tab , priority value set to ‘20’ – this change will give OVD 1st preference to search this branch when there is any search performs from root if other adapter priority is higher than this branch.
c) Repeat the same a & b steps for JOINADOID adapter
d) Repeat the same a & b steps for AD adapter but the priority value set to 30
Note:
* For all the above changes, requires to bounce the Oracle DB, OPMN processes.
* Requires to follow the above configurations for each OID instance installed host machine.
* For all the above changes, requires to bounce the Oracle DB, OPMN processes.
* Requires to follow the above configurations for each OID instance installed host machine.
No comments:
Post a Comment