This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IG Publication speed - slow - is it nested groups?

Using IG 3.7.0-54 on a virtual SLES 15.3 server in AWS

DB is an AWS IaaS thing.

We have an identity source, eDirectory with appr. 19000 users and about 59000 groups.

We collect the users and the groups in an identity collector.
This includes nested groups

The collection takes about 20 mins (I think)

The publication takes 6+ hours

top on the IG server say load average is about 0.00-0.01

IG is memory is set to -Xms4096m -Xmx8192m

Publication status shows

Elapsed    Start End
5:12:27.586    7/3/2023 11:19:49.096 [Nothing yet]    TransitiveSubgroups.generate
0:00:12.261    7/3/2023 11:19:49.101    7/3/2023 11:20:01.362 TransitiveSubgroups.generate (distance=1)

Could it have something to do with nested groups?
Are there a problem with those?


  • Suggested Answer

    0  

    There is a report you can run (do you have reporting installed?) that will show the performance log.  That will show times for the steps during collect and publish.   The times you mention don't surprise me for a IaaS backend.  This software is VERY dependent on DB performance, and the install guide does recommend ensuring your DB is as close as possible network-wise from the app server(s).   

    May I ask why you are collecting groups on the Identity collector?  When you pull in groups that way, they do not represent permissions, they are not reviewable.  I call these "IG Groups" and they are used to assign permissions IN IG, and as criteria in search parameters in reviews (that is, you can run a review for users in a group, if you want)   But you still would need to collect all those groups in an application data source in order to review them.   In my mind those IG Groups are limited in functionality, and unless you've got a good use for them, I'd suggest not collecting them on the Identity collector.

    --Jim