IBM Support

Performance Tuning for IBM Security Access Manager client on WebSphere DataPower SOA Appliance

Troubleshooting


Problem

The settings in the default IBM Security Access Manager configuration file might affect transactional throughput when performing authentication and authorization with Security Access Manager under load.

Symptom

When you create a Security Access Manager configuration file on a DataPower appliance or on a Security Access Manager system, the default entries in the Security Access Manager configuration file do not contain any optimization with respect to performance. By default, these options are not enabled or configured, because of the diverse nature of Security Access Manager and DataPower deployments.

Specifically, caching of registry searches is not enabled. This feature represents the largest performance improvement that is available.

When Security Access Manager authenticates or authorizes a user, it must perform several searches against the registry server in the Tivoli Access Manager (server) environment. When registry-caching is not enabled, these searches must be performed on each operation. Because each search is an external network operation, a performance penalty is incurred, which significantly increases the load on the registry server.

The Security Access Manager configuration file contains a parameter that enables caching of registry search results. When enabled, there are additional parameters to control the number of users or groups that the client will cache and the length of time a cached entry is valid.

Additionally, you can define configuration entries that direct the Security Access Manager client to ignore irrelevant registry suffixes.

For both improved performance and high availability, define registry server replica. These definitions include preference indicators to distribute load across multiple registry servers.

[{"Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"ARM Category":[{"code":"a8m50000000CdpBAAS","label":"DataPower-\u003ESecurity (SE)-\u003ETAM"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Document Information

Modified date:
08 June 2021

UID

swg21448584

Page Feedback