Designer 4.7 takes an excessive amount of time to Deploy

Hello,

After upgrading my IDM 4.5.5 test environment to IDM 4.7.2 and encountering no issues, I then upgraded my production environment exactly the same way. With IDM 4.5.5 in both environments and IDM 4.7.2 in my test environment, deploying a driver set with Designer only took about 35 seconds. In my production 4.7.2 environment Designer now takes a whopping 5 minutes!

If I deploy each of my five drivers individually they take approximately one minute each, so it's not one specific driver holding things up. I took a packet capture of the deploy and saw really slow LDAP search responses from the IDM engine server. I then noticed its ndsd process was pegged at 100% CPU utilization for the duration of the deployment and then dropped back to normal. This issue does not occur in my test environment. Each environment is running the engine on a dedicated OES 2018 SP1 install, and both share the same Designer workspace as two separate projects on a Windows 10 workstation. I've since upgraded to IDM 4.7.3 and it's made no difference.

The only difference I can think of between my production and test IDM vaults is that one has 15,200 objects vs 40 objects. Is it normal for Designer 4.7 deployment to peg ndsd at 100% CPU and be really slow with this number of objects? If not, does anyone have any ideas or troubleshooting suggestions?

I've had an SR open on this for nearly two months with no response from Micro Focus except for initial contact the day I opened it, despite my pleas for troubleshooting assistance. My SR# is 101237767719.

Thanks!
Paul

  • Verified Answer

    Any NAT involved between your workstation and the Vault?

    If you are seeing LDAP queries that are slow, the obvious thought is to check indexes. Care to post the queries you are seeing?

    Is there a missing server?  I.e. a server in Designer, but not in the Vault? Something causing failed queries that have to time out?

     

  • Nope, no NAT taking place.

    I checked the indexes via iManager and they all show as being Online, and none of the default indexes are missing. I ran ndstrace with debug during Deploy and there were no errors to speak of, including no RECM errors. How should I post the queries? In Wireshark there are 3,209 LDAP searchRequests during the Deploy.

    Nope, no missing servers. There's only the one production server, and besides double checking in Designer, I've taken and searched packet captures for DNS lookups (after flushing my workstation's DNS cache) and IP addresses of servers that don't belong and found none. There are no failed queries timing out that I can see.

    Thanks!
    Paul

  • What I meant by check indexes is: look at the LDAP queries and see what it is looking for, and ensure that the things it searches on are covered by indexes. Which is hard, since as you say there are 3209 search requests.

    Can you see the timing of how long between request and responses?  Find the slowest ones and look at those first?
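
One way to do the ranking suggested in the reply above, as an added example that is not part of the original thread: pair each searchRequest with its searchResDone by TCP stream and LDAP messageID, then sort by latency and total the time per base/filter so index candidates stand out. The tab-separated input layout, the DNs and the filters are constructed assumptions, not values from the poster's capture.

```python
from collections import defaultdict

# Constructed sample export, one LDAP message per line (tab-separated):
# relative_time_s, tcp_stream, message_id, operation, base_dn, filter
SAMPLE = (
    "0.010\t0\t2\tsearchRequest\tcn=Driver Set,o=example\t(objectClass=*)\n"
    "0.014\t0\t2\tsearchResEntry\t\t\n"
    "0.015\t0\t2\tsearchResDone\t\t\n"
    "0.020\t0\t3\tsearchRequest\to=example\t(cn=Example*)\n"
    "1.220\t0\t3\tsearchResEntry\t\t\n"
    "1.950\t0\t3\tsearchResDone\t\t\n"
    "2.000\t0\t4\tsearchRequest\to=example\t(cn=Example*)\n"
    "3.700\t0\t4\tsearchResDone\t\t\n"
    "3.800\t1\t2\tsearchRequest\tcn=Driver Set,o=example\t(cn=Missing)\n"
)

def pair_searches(tsv_text):
    """Return (completed, unanswered) searches keyed by (stream, messageID)."""
    pending, done = {}, []
    for line in tsv_text.splitlines():
        t, stream, msgid, op, base, flt = line.split("\t")
        key = (stream, msgid)  # messageIDs are only unique per connection
        if op == "searchRequest":
            pending[key] = {"start": float(t), "base": base,
                            "filter": flt, "entries": 0}
        elif key in pending and op == "searchResEntry":
            pending[key]["entries"] += 1
        elif key in pending and op == "searchResDone":
            rec = pending.pop(key)
            rec["latency"] = round(float(t) - rec["start"], 3)
            done.append(rec)
    # Anything still pending never got a searchResDone in the capture.
    return done, list(pending.values())

def slowest(done, n=5):
    """The n completed searches with the highest request-to-done latency."""
    return sorted(done, key=lambda r: r["latency"], reverse=True)[:n]

def time_by_filter(done):
    """Total latency per (base, filter), largest first."""
    totals = defaultdict(float)
    for r in done:
        totals[(r["base"], r["filter"])] += r["latency"]
    return sorted(((round(v, 3), k) for k, v in totals.items()), reverse=True)

if __name__ == "__main__":
    done, unanswered = pair_searches(SAMPLE)
    for r in slowest(done, 3):
        print(r["latency"], r["entries"], r["base"], r["filter"])
    print("total time per base/filter:", time_by_filter(done))
    print("no searchResDone seen:", [(u["base"], u["filter"]) for u in unanswered])
```
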

  • In many cases I had this issue when the LDAP session between Designer and the Identity Vault was "closed" for any reason (FW, timeout, etc.).

    I can recommend "refreshing" the session before initiating the deployment operation.

  • That is true. With the LDAP protocol change, I pretty much always refresh my connection when doing live ops.