OID Performance Tuning
Oracle Internet Directory is highly scalable and manageable in terms of performance tuning as per the hardware resources and high availability configurations.
In this blog I will explain the parameters which can improve the performance of OID.
1. Database Parameters:
Recommended values
sga_target,sga_max_size upto 60-70% of the available
RAM for database machine
db_cache_size upto 60-70% of the available
RAM for database machine
shared_pool_size 500M
session_cached_cursors 100
processes 500
pga_aggregate_target 1-4GB
job_queue_processes 1 or more
max_commit_propagation_delay 99 or lower
2. LDAP Server Attributes:
Recommended values
orclmaxcc 10 - Number of DB Connections
per Server Processes
orclserverprocs 4 - Number of OID LDAP Server
Processes which should be
equal to the number of cpu
cores on the system
orclgeneratechangelog 0 - Disables change log
generation
orclldapconntimeout 60 - LDAP Connection Timeout
orclmatchdenabled 0 - Enable MatchDN Processing
3. OID Authenticator Parameters:
If you have configured Oracle Internet Directory Authenticator in myrealm to retrieve users from OID, following parameters can be changed to optimize the performance:
Recommended values
Group Membership Searching limited
Connection Pool Size 120
Connect Timeout 120
Cache Size 51200
Cache TTL 300
4. jps-config Parameters
If the weblogic server is reassociated to an OID and the application policies are stored in it, following parameters should be added in policystore.ldap serviceInstance in jps-config.xml to make the retrieval of policies faster by caching them.
<property name="oracle.security.jps.policystore.rolemember.cache.type" value="STATIC"/>
<property name="oracle.security.jps.policystore.rolemember.cache.strategy" value="NONE"/>
<property name="oracle.security.jps.policystore.rolemember.cache.size" value="100"/>
<property name="oracle.security.jps.policystore.policy.lazy.load.enable" value="true"/>
<property name="oracle.security.jps.policystore.policy.cache.strategy" value="NONE"/>
<property name="oracle.security.jps.policystore.policy.cache.size" value="1000000"/>
<property name="oracle.security.jps.policystore.refresh.enable" value="true"/>
<property name="oracle.security.jps.policystore.refresh.purge.timeout" value="43200000"/>
<property name="oracle.security.jps.ldap.policystore.refresh.interval" value="6000000"/>
<property name="oracle.security.jps.policystore.rolemember.cache.warmup.enable" value="true"/>
<property name="connection.pool.min.size" value="120"/>
<property name="connection.pool.max.size" value="120"/>
<property name="connection.pool.provider.type" value="IDM"/>
<property name="connection.pool.timeout" value="300000"/>
<property name="connection.pool.provider.type" value="5"/>
OID and weblogic server restarts are required after modifying the above parameters. They can still be optimized depending on the availability of the hardware resources.
Ref : http://docs.oracle.com/cd/E23943_01/core.1111/e10108/oid.htm
No comments:
Post a Comment