A performance issue may result if the appliance is always allocating resources to check password in the queue.
The password check and change processes are single threaded in the Automation Engine. A single thread will only process 10 passwords at a time and only run once a minute. The maximum number of password checks possible in a day, if they all complete sucessfully within 60 seconds, is 14,400 passwords. If the queue is currently larger than this 14,400 password to check then it is not able to clear these checks within a day. The size of the check queue will continue to grow.
The check threads and the check retry interval needs to be reviewed to be able to handle the numbers of password stored in the appliance.
Because of the different customer environments, we cannot estimate how changing these values will affect CPU utilization or performance as many variables are involved. A list of suggestions will be provided.
We recommend having multiple check threads and multiple change threads. If the current settings will not be able to empty the check queue, it is suggested to slowly increase the thread numbers so the queues are cleared with minimal performance impact.
Working first on the check queue alone, this is a general guideline:
1. increase the Max Check Threads by 1 to 2 and make no other changes.
2. monitor if users report any increase in performance issues or deadlocks.
3. monitor if daily job run times (backups, daily maintenance, batch reports, daily extracts) change significantly.
4. monitor the size of the Check Queue over a period of three days.
If the queue shrinks, or does not grow as rapidly, increase the Max Check Threads again by 1 to 3, and monitor as above over three days.
If the queue shrinks, or does not grow as rapidly, increase the Max Check Threads again by 1 to 4, and monitor as before over three days.
If the monitoring shows a negative performance impact, reduce the number back down by 1.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center