Topic: |
Recommendation: |
Content to Review: |
Performance management for IdentityIQ |
Please review SailPoint’s Performance Management Guide for IdentityIQ |
|
Hardware sizing |
Use correct SailPoint Hardware sizing |
IdentityIQ hardware sizing guide
|
Database performance |
Review database performance |
IdentityIQ database performance tests
How to interpret IIQ DB performance status
|
Use latest JDBC drivers |
Ensure latest JDBC drivers are being used. This has been a common culprit with performance |
JDBC driver and IdentityIQ |
Pruning identity cubes |
Build appropriate database maintenance tasks to prune or archive data per best practices and company policy. Review Data Pruning related documentation that outlines the impact and recommendations concerning data pruning within IIQ. It is imperative to system performance over time that data is actively pruned and maintained |
Pruning identity cubes |
Task/request server configuration |
Verify the correct Task/Request Server Configuration |
Background processing in IdentityIQ: The TaskScheduler & RequestScheduler |
JVM configuration |
JVM configurations for IdentityIQ can be tuned for better performance. |
|
Identity refresh |
Do identity refreshes take too long? Consider splitting the identity refresh task. The Identity Refresh tasks could be broken out into separate function-focused sub refreshes to handle specific actions. This type of configuration is a best practice. Separate refresh tasks could be configured to process identity events (triggers), policies and attribute promotion. The identity refresh tasks will undoubtedly run much more quickly when the number of identities are pruned appropriately. However, should performance be an issue going forward, partitioning could be leveraged. |
Configuring delta identity refresh in IdentityIQ
|
Logging and auditing |
Clean up SysLog Entries. The SysLog typically records exceptions in the system. The exceptions often involve issues with misconfigurations, rules and other custom code. The system should only generate syslog entries when there is truly an issue with the software. Enabling this option will lead to the discovery of errors. |
|
Use partitioning in aggregation and refresh tasks where possible and advantageous |
Partitioning the aggregation and identity refresh tasks allows multiple threads and servers to process the incoming data. Only certain applications support partitioning, so this can be implemented for Active Directory and the delimited file applications. |
|
Service accounts |
Follow service account best practices. |
Service accounts best practices
Best practices to manage services accounts in IdentityIQ – Crash course video
|
Connecting to apps from a hosted IdentityIQ installation |
Please make sure you consult SailPoint if you have plans connecting to applications from a Hosted IdentityIQ Installation |
|
Logical applications |
Logical applications can have performance problems when you configure too many of them. Please make sure you consult SailPoint regarding your logical app requirements. |
Limitation on number of logical applications |
Connectors |
Review connector troubleshooting tips |
|
SSB |
SailPoint SSB (Service Standard Build) Build Process should be followed |
|
Identity CheckUp (Billable) |
If you do not have resources on your team with the necessary SailPoint skills sets to take action on the above recommendations you should consider purchasing an Identity CheckUP |
It should be noted that these findings are from real world health checks and some may not apply to your unique IIQ implementation. Also, depending on your SailPoint skill set, some of the recommendations might be too complex to try and resolve yourself. You should consult your implementation partner and/or SailPoint services.
If you believe your team lacks the necessary IdentityIQ skills and experience to take action on the above recommendations, we recommend that you consider an Identity CheckUP