One Identity Management Console for Unix 2.5.2 - Administration Guide


JVM memory tuning suggestions

Previous releases of the Management Console for Unix used Java 6 and tended to require manual tuning of the JVM memory settings. Java 8 reduces the need for this because, by default, it automatically chooses its initial and maximum heap sizes as fractions of the host's memory size. The resulting maximum heap size can be displayed by running this command:

java -XshowSettings:vm -version

However, there may still be scenarios for which manual tuning is desirable. If you are experiencing performance degradation due to heavy demand from web service calls, simultaneous report generation, multiple browser connection querying, and so forth, One Identity recommends that you increase the JVM memory.

To tune JVM memory

  1. Open the custom.cfg file for editing.

    See Setting custom configuration settings for general information about customizing configuration settings for the management console.

  2. Set the initial or start memory size using the -Xms variable and the maximum memory size using the -Xmx variable. For example:

    -Xms512m

    -AND-

    -Xmx512m

    where "512m" specifies 512MB of memory or "1g" specifies 1GB of memory.

    Note: 1024MB is the default memory requirement.

    One Identity recommendations:

    • For each 1,000 application database records (hosts, users, groups, group memberships), increase the JVM memory by 20MB to support 1 to 3 simultaneous web browser connections.
    • For each 1,000 records, increase the memory by 30MB to support 3 to 5 simultaneous web browser connections.
    • Do not allocate more memory than you have; the console will fail to load.

    These suggested specifications depend on your reporting demands. If you create more than two or three reports simultaneously, increase the memory specification.

    For further information on specific settings refer to <install_directory>/jvmargs.cfg

    These values are used for the JVM heap which reserves memory for the server and its database. Increasing the amount of memory available can improve performance, but increasing it too much can have a detrimental effect in the form of longer pauses for full garbage collection runs. Setting -Xms and -Xmx to the same value increases predictability by removing the most important sizing decision from the virtual machine. On the other hand, the virtual machine cannot compensate if you make a poor choice. Be sure to increase the memory as you increase the number of processors, since allocation can be parallelized. JVM heaps greater than 1.5 Gbytes require a 64-bit JVM. Anything more than that will cause the service to not start.

    Numbers can include 'm' or 'M' for megabytes, 'k' or 'K' for kilobytes, and 'g' or 'G' for gigabytes. For example, 32k is the same as 32768. Unless you have problems with pauses, try granting as much memory as possible.

    For further reading on garbage collection tuning refer to https://docs.oracle.com/javase/8/docs/technotes/guides/vm/gctuning/.

  3. Save the custom.cfg file.

  4. Restart the Management Console for Unix service.

    See Start/stop/restart Management Console for Unix service for details about restarting the Management Console for Unix Service.
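
The sizing guidance in step 2, worked through as an added shell example (not part of the One Identity documentation or product): it converts JVM size strings to bytes, derives a heap size from the record and connection counts, and rejects values that exceed host memory before they go into custom.cfg. The function names are hypothetical, and the script assumes the increments are added to the 1024MB default, partial thousands round up, exactly 3 connections uses the 20MB tier, and host memory is passed in as a constructed value.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of the product.

# Convert a JVM size string (512m, 1g, 32k, 32768) to bytes; fail on bad input.
jvm_size_to_bytes() {
    num=${1%[kKmMgG]}
    case $num in ''|*[!0-9]*|0?*) return 1 ;; esac
    case $1 in
        *[kK]) echo $((num * 1024)) ;;
        *[mM]) echo $((num * 1024 * 1024)) ;;
        *[gG]) echo $((num * 1024 * 1024 * 1024)) ;;
        *)     echo "$num" ;;
    esac
}

# Suggested heap in MB. $1 = database records, $2 = simultaneous browser connections.
# Assumptions: increments are added to the 1024MB default, partial thousands
# round up, and exactly 3 connections uses the 20MB tier.
suggested_heap_mb() {
    if [ "$2" -ge 1 ] && [ "$2" -le 3 ]; then per=20
    elif [ "$2" -ge 4 ] && [ "$2" -le 5 ]; then per=30
    else return 1    # the guide gives no figure outside 1 to 5 connections
    fi
    echo $((1024 + ($1 + 999) / 1000 * per))
}

# Validate a -Xms/-Xmx pair. $1 = -Xms value, $2 = -Xmx value, $3 = host memory in bytes.
check_heap() {
    xms=$(jvm_size_to_bytes "$1") || { echo "invalid -Xms: $1"; return 1; }
    xmx=$(jvm_size_to_bytes "$2") || { echo "invalid -Xmx: $2"; return 1; }
    [ "$xms" -le "$xmx" ] || { echo "-Xms is larger than -Xmx"; return 1; }
    [ "$xmx" -le "$3" ] || { echo "-Xmx is larger than host memory"; return 1; }
    echo "ok"
}

# Constructed sample: 12,500 records, 4 browser connections, 8 GB host.
mb=$(suggested_heap_mb 12500 4)
host_bytes=$((8 * 1024 * 1024 * 1024))
# Print the two lines for custom.cfg only if the pair passes validation.
if check_heap "${mb}m" "${mb}m" "$host_bytes" >/dev/null; then
    printf '%s\n' "-Xms${mb}m" "-Xmx${mb}m"
fi
```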

Start/stop/restart Management Console for Unix service

Depending on the platform you are using, use the corresponding procedure to start, stop, or restart the Management Console for Unix service (mcu_service).

Linux or Solaris machines

To stop, start, or restart the Management Console for Unix service (mcu_service) on a Linux/Solaris machine

  1. Log onto the machine as root user.
  2. At the root prompt, enter one of the following commands:

    To stop and restart the service automatically:

    /etc/init.d/mcu_service restart

    To stop the service and unload it:

    /etc/init.d/mcu_service stop

    To load the service and start it:

    /etc/init.d/mcu_service start

HP Unix (HPUX) machine

To stop, start, or restart the Management Console for Unix service (mcu_service) on an HP Unix machine

  1. Log onto the machine as root user.
  2. At the root prompt, enter one of the following commands:

    To stop and restart the service automatically, enter:

    /sbin/init.d/mcu_service restart

    To stop the service and unload it, enter:

    /sbin/init.d/mcu_service stop

    To load the service and start it, enter:

    /sbin/init.d/mcu_service start