Tuesday, July 2, 2013

A checklist for OIM go-live

This post presents a list of configuration points in OIM that must be taken into account whenever a customer is planning an OIM go-live. This list is not intended to replace the OIM documentation; instead, the idea is to complement it. It provides tips on a few topics that are not part of the documentation.

Let's go for them:

  • A visit to the OIM Performance Tuning guide is a mandatory step before a go-live. The guide for the 11.1.2.1.0 release can be found here, whereas the one for 11.1.2.0.0 is available here. The documentation provides instructions on tuning:
    • JVM memory parameters
    • OIM cache
    • MDBs 
    • Connection pool sizes
    • Database parameters
    • Database tables location
    • LDAP Synch
  • Deployment mode: cluster or simple? If deploying OIM in cluster mode, the deployment mode must be configured appropriately. The oim-config.xml excerpt below shows the specific configuration:
    <deploymentConfig>
      <appServerName>weblogic</appServerName>
      <initialContextFactory>weblogic.jndi.WLInitialContextFactory</initialContextFactory>
      <dataBaseType>oracle</dataBaseType>
      <deploymentMode>cluster</deploymentMode>
    </deploymentConfig>
  • If deploying OIM in cluster mode, the OIM internal cache must be configured for that. The oim-config.xml excerpt below shows the specific configuration:
    <cacheConfig clustered="true" enabled="true" expirationTime="144000" provider="oracle.iam.platform.utils.cache.OSCacheProvider" threadLocalCacheEnabled="false">
  • If deploying OIM in cluster mode, the OIM scheduler must be configured for that. The oim-config.xml excerpt below shows the specific configuration:
    <schedulerConfig DSJndiURL="jdbc/operationsDB" nonTxnDSJndiURL="jdbc/oimJMSStoreDS" clustered="true" 
  • If deploying OIM behind a load balancer and/or web server, the OIM front end URL and the SOA SOAP URL must be configured with the load balancer/web server URL. If SSL is to be used in the communication between OIM and SOA, the URLs must use the HTTPS protocol (and in this case the WebLogic keystores must be configured accordingly). The oim-config.xml excerpts below show the specific configuration:
    <oimFrontEndURL>http(s)://hostname:port</oimFrontEndURL>

    and
    <soapurl>http(s)://hostname:port</soapurl>

    The OIM R2 PS2 (11.1.2.2.0) release introduced a new URL-related configuration parameter called oimExternalFrontEndURL. The objective is to have more flexibility when it comes to the URLs used to access the OIM application: the SOA-OIM traffic (oimFrontEndURL) can be separated from the OIM UI traffic (oimExternalFrontEndURL):
    <oimExternalFrontEndURL>http(s)://hostname:port</oimExternalFrontEndURL>
  • If OIM WebLogic domain is configured with an LDAP security provider, make sure to review the number of connections to the LDAP Server. This number can have impact on OIM performance, especially in deployments with a high number of users. A very common situation where this configuration should be reviewed is when OIM is integrated with OAM. 
  • Multicasting check: OIM internals have a dependency on multicasting in clustered deployments. It is important to make sure that multicasting is enabled and that the NIC/IP used by OIM can multicast messages. This configuration is independent of the chosen WebLogic cluster approach (Unicast or Multicast).
As stated above, oim-config.xml is the configuration file that holds OIM internal configurations. This file can be exported from MDS, changed and then imported back. OIM must be restarted to pick up the changes. Be careful when changing this file: if it contains errors, OIM will not start correctly.
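
An added example, not part of the original post and not Oracle tooling: a pre-import check of an exported oim-config.xml against the clustered settings in the checklist above. The post does not show the element nesting of the real file, so the script matches elements by name anywhere in the tree; the `<oimConfig>` root and the sample document are constructed for illustration, and the HTTPS check assumes SSL is in use.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real export: only the elements quoted in the post,
# wrapped in a hypothetical <oimConfig> root.
SAMPLE = """<oimConfig>
  <deploymentConfig>
    <deploymentMode>simple</deploymentMode>
  </deploymentConfig>
  <cacheConfig clustered="true" enabled="true"/>
  <schedulerConfig clustered="false"/>
  <oimFrontEndURL>http://lb.example.com:80</oimFrontEndURL>
  <soapurl>https://lb.example.com:443</soapurl>
</oimConfig>"""

def local(tag):
    """Strip an XML namespace prefix such as '{ns}name'."""
    return tag.rsplit("}", 1)[-1]

def check_oim_config(xml_text, require_https=True):
    """Return a list of findings for a clustered deployment; empty means pass."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A malformed file is the case the post warns will stop OIM starting.
        return [f"not well-formed XML: {exc}"]
    elems = {}
    for el in root.iter():
        elems.setdefault(local(el.tag), el)
    findings = []
    mode = elems.get("deploymentMode")
    if mode is None or (mode.text or "").strip() != "cluster":
        findings.append("deploymentMode is not 'cluster'")
    for name in ("cacheConfig", "schedulerConfig"):
        el = elems.get(name)
        if el is None or el.get("clustered") != "true":
            findings.append(f"{name} clustered is not 'true'")
    for name in ("oimFrontEndURL", "soapurl", "oimExternalFrontEndURL"):
        el = elems.get(name)
        if el is None:
            continue  # absence is not judged here (oimExternalFrontEndURL is 11.1.2.2.0+)
        url = (el.text or "").strip()
        if require_https and not url.lower().startswith("https://"):
            findings.append(f"{name} does not use HTTPS: {url}")
    return findings

if __name__ == "__main__":
    for finding in check_oim_config(SAMPLE):
        print("FINDING:", finding)
```

Run it on the edited file before importing it back into MDS; an empty result means the file parses and the clustered flags are consistent.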
