
IDM 8.0 performance and delta option

Hi all,

I've built up a new IDM 8.0 system with two ABAP sandboxes (SBx) connected.
The update job is configured but differs in terms of runtime for the sandbox systems. The update process for SB1 first ran around 1 hour, with the delta option enabled now it took only 600s (15.700 entries processed). But the one for SB2 takes 11 times longer, 6700s, each run. OK, there are 3 times more entries processed, but the runtime is quite large. Is it just the number of entries processed that makes such a difference?
In addition, the log shows that one half of the entries is added, another is modified, only a few with no operation. So I am not sure if the delta option is working? I expected that there would be a major part of entries with no operation...

How can I check this in more detail?

Regards, Richard


2 Answers

  • Mar 25 at 12:33 PM

    Richard, there are probably a few things going on here, but yes, more entries does mean more processing time :)

    First off, are the hardware / network specs the same? (Not to mention Java and NW specs)

    How many dispatchers are built for each system? Where are they located?

    Are you processing the exact same data (number of entries and attributes to update)?

    All of this can have some effect on performance. As to monitoring, I think you would have to do some serious database work and add some logging to see what's going on.

    These links are mostly from IDM 7, but I think they still mostly hold up:
    https://blogs.sap.com/2015/07/13/performance-tips-and-tricks-when-beginning-the-idm-journey/

    https://blogs.sap.com/2016/03/25/sap-identity-management-provisioning-monitor-tool/

    https://apps.support.sap.com/sap/support/knowledge/preview/en/2437631

    https://apps.support.sap.com/sap/support/knowledge/preview/en/2456633

    https://blogs.sap.com/2014/02/05/on-queue-processing-or-the-lack-thereof/


    • Hi Matt,

      thanks for your input. A small update.. I noticed that the passes "Handle Deleted Profile Assignments From Backend" and "Handle Deleted Role Assignments From Backend" within the update job are not working correctly. These are 1 to 1 copies from the RDS. However, in my case they are deleting the assignments in IDM (not in the backend) and with the next run the assignments are written back again and get removed again... quite strange. As a test I disabled both passes with the result that the runtime is reduced to nearly half an hour. So, I will have a more detailed look into those passes.

      Regards, Richard

  • Mar 28 at 07:11 PM

    Richard,

    Gotta be honest, I've never been a fan of the RDS. Is there something from the standard provisioning framework you can try?

    Matt


    • Yeah, it's some kind of "beta software" in some places.. but anyway it's quite a good starting point I think.

      I created my own logic, runtime is better now. Also, I decreased the log level on the dispatcher. There are lots of scripts that flood the system with information log entries which lead to an increased runtime... 5 to 10 times for some processes >_<