Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Databases

Ride the Chaos through proper Care and Feeding of

advertisement 
Ride the Chaos through proper Care and
Feeding of your Identity Metasystem Databases
(ILM, CLM and RMS)
David Lundell, ILM MVP
Who am I? What is Ensynch?
• IDA Practice Director at Ensynch
• ILM MVP
• Ensynch
– Award Winning Identity Management Practice
– SharePoint
– Biztalk
– Unified Communications
Agenda
• Why do you care? Why should you care?
• Problems with ILM, CLM, and RMS
databases
• DBA 101
• Solutions to Problems
• Recommendations
• QA
Why do you care?
•
•
•
•
•
Faster Performance
Reliability
Job Security
May not have a DBA assigned
DBA may not understand specialized
needs
Generalized Problems
Protect
against
corruption
Backups:
Full, Log, or
Diff?
Index
Maintenance
TempDB only a
temporary
problem?
Where do
you want
these: DB &
Log Files
Problems w/ ILM Sync Engine DB
Availability
Tools ->
Statistics –
takes
forever
Run
History –
can make
you crawl
To Index
or not to
Index (MV
Attributes)
Problems with the MSILM DB
It will grow!
Possible
Performance
concerns
Availability
Problems with CLM DB
Concern is
around
availability
But doesn’t
grow too
large
Actions in the CA
that happen when
the database is
unavailable don’t
get captured
Problems with RMS Config DB
Lots of
updates
Lots of
Backups
Index
Maint
Problems with RMS Logging DB
MSMQ and Logging
Database work
together
MSMQ can
fill up disk
Can fill up (although
in AD RMS Logging
is normalized and
takes less space)
Need to
Archive the
data
Problems with RMS Directory
DB
Many
Inserts and
Deletes
Leads to
Fragmentation
• If unchecked can cause
poor performance or
server failure
SQL Background (Problems and
Solutions)
•
•
•
•
•
•
Tempdb
Table Growth Consequences
Transaction Log
Recovery Models
Backup Types
High Availability
Tempdb
• Ideally separate spindle for TempDB data and
TempDB log
• But at least isolate from all else
• Used by triggers, sorting, index rebuilds, big
queries, temp tables, row versioning
• # of tempdb data files = 1/4 to 1/2 # of cpu's for
tempdb (upto max of 8)
• 1 tempdb log file
• KB 307487 -- don't shrink tempdb
• Kb 224071 -- moving tempdb
Consequences of Table/Index Growth
•
•
•
•
•
Page Splits
Fragmentation
More Scans than Seeks
Data File Growth
Log File Growth
Page Splits
• Inserts cause page splits during your run
• Both tables and indexes stored in 8K pages
• Use SQL Server Access Methods:Page Splits/Sec
to track how often this happens
Which causes …
Fragmentation
• Searching and inserting take longer
– Because Index becomes deeper
– Index can become fragmented
• Pages are out of order (because of page splits)
• Pages are partly empty (because of updates,
deletes and pages splits)
• DBCC SHOWCONTIG(‘mms_step_object_details’)
Scan vs. Seek
• Query Optimizer may decide to
avoid beaten up indexes
–
–
–
–
So it may choose to do a Scan
Scan = Read every page in table
Access Methods: Full Scans/Sec
Ensure that Auto Create/Update
Stats is enabled
So rebuild indexes
Rebuild online
Rebuild
Defrag (only rebuilds
leaf level)
MIIS
Not needed unless
password reset and
sync
Sure unless password Sure
reset or sync
MSILM
Recommended
Indexes (and hence
Sure
tables are unavailable
during rebuild)
CLM
Recommended
Ditto
Sure
RMS_Config
Recommended
Ditto
Sure
RMS_Logging
Not needed
Ditto
Sure
RMS_Directory
Recommended
Ditto
Sure
Tables and indexes (more than 1000 pages) with greater than 30% fragmentation
should Rebuild and those with less than that but more than 5% should Defrag(Reorg)
IndexOptimize from Ola
Hallengren
• http://blog.ola.hallengren.com/_attachment
s/3440068/Documentation.html
• IndexOptimize
Don’t overdo it
• If you rebuild indexes – don’t usually have
to update statistics
• Consider Bulk-Logged Recovery Model for
index rebuilds
• MSILM DB turn off auto update stats
– May not need it for others if doing it frequently
in a batch fashion
File Growth
• Only if Auto Grow is enabled and there is not
enough file space – make it a large enough
chunk
• Expensive operation to take place during peak
• Preferable grow rather than halt operations due
to out of space
• Best is to trim (clear run history) database and
then grow in advance of need
– DBCC
SHRINKDB(‘MicrosoftIdentityIntegrationServer’,NO_T
runcate)
– Alter Database Modify File (NAME=MIISData1, SIZE
= 1000MB)
Transaction Log
• Give SQL Server Reliability, recoverability
and speed
• Like court stenographer, serially noting
down everything that took place without
sorting/cataloging
• Data changes happen in RAM and T-Log
• Upon checkpoint (approx 1/min) changed
pages are written to data files
• Only need 1 Log file
• Should have own spindle(s) – RAID 1
Log File Growth
• Log file growth depends on Recovery
Model, size and number of Transactions
• SQL Server: Databases: Log Growths
• Start off at a decent size (1/4 estimated
size for your total data files)
• Virtual Log files
Virtual Log files
• Dbcc loginfo
• Too many and too few hurts performance
– Too many and log is highly fragmented
– Too few and log can’t clear itself often enough
– Want VLF’s about 500 MB
– Suggest start at 8 GB and 8 GB of growth
• Log Growths
– chunks less than 64MB = 4 VLFs
– chunks of 64MB and less than 1GB = 8 VLFs
– chunks of 1GB and larger = 16 VLFs
– http://www.sqlskills.com/blogs/Kimberly/category/SQL-Server2008.aspx
• http://sqlblog.com/blogs/linchi_shea/archive/2009/02/09/
performance-impact-a-large-number-of-virtual-log-filespart-i.aspx
Recovery Models
• Full (Best recovery)
– Log everything and keep it until we Backup or
Truncate the Log
• Simple (Only as good as last full or diff)
– Don’t log bulk logged operations and get rid of
inactive transactions at every checkpoint
• Bulk-Logged
– Don’t log bulk logged operations, keep everything
else until we Backup or Truncate the Log
– Only use during a bulk logged operation
Backup Types
• Full Backup
– Copies all data pages and only grabs T-Log items that
happened during backup
• Differential
– Copies all data pages that have changed since last
full and only grabs T-Log items that happened during
backup
• Log
– Copies the entire log and truncates all inactive
transactions (only one that does this)
Full, Log or Diff?
• Recommend Nightly Full Backups of
– Master, MSDB, Model and User databases
– If in full or Bulk Logged Recovery Models you
will need to backup your log
• How often?
– What kind of data loss can you live with?
– What about Diffs?
• Speed up recovery process
– How quickly must we be able to recover
Which Recovery Model fits?
Full
Bulk-Logged
Simple
MIIS
Yes
No
Possible
MSILM
Yes
No
No
CLM
Yes
Could be useful
during index
rebuilds and bulk
Importing
No
RMS_Config
Yes
Could be useful
during index
rebuilds
No
RMS_Logging
Yes
Could be useful
during index
rebuilds
If you can handle
data loss
RMS_Directory
Yes
Could be useful
during index
rebuilds
Why not it can get
it again from AD
Speedy Backups
• Stripe your backupset across multiple
disks … or use Compression
• Red Gate SQL Backup and Quest
LiteSpeed (2 examples)
– Compress to 1/10 – 1/5 size of native
backups
– Can encrypt using AES upto 256 bit
– Backups take ¼ - ½ the time
• SQL 2008 has backup compression
High Availability
• Clustering
– Protects against server hardware and server
software failure
– Failover 30-60 seconds
• Mirroring
– Protects against
– Failover can be under 5 seconds
– Requires Smart client
• Log Shipping
Which Database HA fits?
Clustering
Mirroring
Log Shipping
MIIS
Yes
No Auto failover
Yes
MSILM
Yes
Not supported
Yes
CLM
Yes
Supported?
Apparently not
Yes
RMS_Config
Yes
Yes
Yes
RMS_Logging
Yes
Yes
Yes
RMS_Directory
Yes
Yes
Yes
MIIS service can be clustered but is not supported by ILM product group
ILM 2 Services – Multi instance and NLB or other Load balancer
CLM Service -- Multi instance and NLB or other Load balancer
RMS – Is designed with its own application cluster
ILM Sync Engine Clustering on
Windows Server 2008 (not sup)
•
Use the Generic Script Resource per Alex T.
http://blogs.msdn.com/alextch/archive/2005/12/17/clusteredmiis.aspx
• But make some tweaks for windows 2008 clustering model
if Node = activeNode Then
Set objWMIService = objSWbemLocator.ConnectServer(Node, _
"root\CIMV2")
Else
Set objWMIService = objSWbemLocator.ConnectServer(Node, _
"root\CIMV2", _
strUser, _
strPassword, _
"MS_409", _
"ntlmdomain:" + strDomain)
End If
• http://www.ilmbestpractices.com/blog/2009/03/ilmmiissync-engine-clustering-windows.html
Still have Database
performance issues
• After following the preceding advice
– Defrag the disk
– Try more spindles
– Try solid state drives – fusionio.com
References
• http://blogs.technet.com/rmssupp/archive/
2008/11/19/de-humidifying-the-rmslogging-database-a-k-a-de-mystifying.aspx
• http://technet.microsoft.com/enus/library/cc747680.aspx
• http://technet.microsoft.com/enus/library/cc747691.aspx
• http://blogs.technet.com/rmssupp/
References cont.
• http://technet.microsoft.com/enus/library/cc747731.aspx
• http://www.sqlskills.com/blogs/Kimberly/cat
egory/SQL-Server-2008.aspx
• http://sqlblog.com/blogs/linchi_shea/archiv
e/2009/02/09/performance-impact-a-largenumber-of-virtual-log-files-part-i.aspx
• http://blog.ola.hallengren.com/blog/_archiv
es/2008/1/1/3440068.html#1227266
Thanks
• Thanks to Andy Schan from Titus Labs for
double checking some of my RMS info
• Thanks to Jason Tyler for his RMS blogs
Other Ensynch Sessions
• Taming the Chaos – Building a Practical Lifecycle Mgt. Application in
the ILM “2” Portal David Lundell and Brad Turner
–
Sunday 1PM - 5 PM Pre conference Workshop 2
• Designing an Object Expiration & Reconciliation process in ILM 2
Brad Turner
–
Monday 1 PM - 2:15 PM
• Proper Care & Feeding of ILM, CLM and RMS Databases David
Lundell
–
Monday 1 PM - 2:15 PM
• Rescue Your Identity Metasystem from Chaos Through Reporting
against ILM 2 with SSRS David Lundell Brad Turner
–
Mon 4 PM - 5:15 PM
• ADFS Extensibility Chris Calderon
–
Tue 2:45 PM - 4 PM
Visit our blogs and Identity Page
•
•
•
•
•
•
•
David Lundell www.ilmbestpractices.com
Brad Turner www.identitychaos.com
Chris Calderon Blog.identityjunkie.com
Joe Zamora http://c--shark.blogspot.com/
Rebecca Croft http://www.apollojack.com/
www.ensynch.com/ida/
www.ensynch.com/events/
Related documents
Open Source In State and Local Government - Mil-OSS
Open Source In State and Local Government - Mil-OSS
CORRECTING RMS VALUE OF A SINE WAVEFORM SAMPLED DUE LIMITED NUMBER
CORRECTING RMS VALUE OF A SINE WAVEFORM SAMPLED DUE LIMITED NUMBER
The Institute of Leadership & Management Partnership working
The Institute of Leadership & Management Partnership working
Document
Document
ROCKY MOUNTAIN SYNOD - Our Saviour`s Lutheran Church
ROCKY MOUNTAIN SYNOD - Our Saviour`s Lutheran Church
TempDB - WordPress.com
TempDB - WordPress.com
RMS believes in developing happy, health and hardy students (H3).
RMS believes in developing happy, health and hardy students (H3).
Lecture for Chapter 6.4 (Fall 11)
Lecture for Chapter 6.4 (Fall 11)
Quadrupole Scan
Quadrupole Scan
History At-A-Glance
History At-A-Glance
SNPhA National Office Presentation
SNPhA National Office Presentation
CLM Presentation by Michael Baumgarner Nov 2013
CLM Presentation by Michael Baumgarner Nov 2013
Quantum-NY
Quantum-NY
here. - Mile High Chapter ALA
here. - Mile High Chapter ALA
SCOM_ADInt_Zerger
SCOM_ADInt_Zerger
Unspun Chapter 7 Osama, Ollie, and Al
Unspun Chapter 7 Osama, Ollie, and Al
Winlink Presentation (Week 2)
Winlink Presentation (Week 2)
Working with tempdb in SQL Server 2005
Working with tempdb in SQL Server 2005
Download
advertisement