Improving NetIQ Identity Vault I/O performance on Linux

NetIQ eDirectory is the backend directory for the Identity Vault for NetIQ’s Identity Manager product.

If eDirectory replica send and receive deltas are significantly out on your Identity Vault server compared to other servers in the replica ring, or even another server, it may be due to an I/O issue or a combination of inadequate RAM and I/O issues.

eDirectory is I/O and processor intensive. Look through the eDirectory documentation for tuning guidelines.

If you are running on Linux, consider testing your I/O performance with the below bash script.

for (( ; ; )); do
/bin/echo “——-START IOSTATS TESTING——-” >>/tmp/iostatoutput.log
/bin/date  >>/tmp/iostatoutput.log
/bin/dd if=/dev/zero of=/var/opt/novell/eDirectory/data/dib/iotest.log bs=64k count=8k conv=fdatasync >>/tmp/iostatoutput.log 2
sleep 30
This is assuming you are using the default dib location. If you are not, change the “/bin/dd if=” line to the path of your data dib directory. This ensures that you are testing on the correct volume.
When the script runs it creates the /tmp/iostatoutput.log file.

Notice that in the below report from the log that on the 19th, it showed 140 MB/s, where today it shows 34.5 MB/s.

Wed Dec 19 07:05:17 EST 2012
8192+0 records in
8192+0 records out
536870912 bytes (537 MB) copied, 3.83467 seconds, 140 MB/s
/bin/dd: closing input file `/dev/zero’: Bad file descriptor
Tue Jan  8 07:17:03 EST 2013
8192+0 records in
8192+0 records out
536870912 bytes (537 MB) copied, 15.5138 seconds, 34.6 MB/s
Tue Jan  8 07:17:49 EST 2013
8192+0 records in
8192+0 records out
536870912 bytes (537 MB) copied, 15.5704 seconds, 34.5 MB/s


It creates a 500 MB file to do the test called iotest.log. It is located in the /var/opt/novell/eDirectory/data/dib/ directory. This file should be deleted when done testing to clear up space on the volume.

If you see your MB/s under 100, it may be an indication of an I/O issue. Increasing memory and turning down the IDM trace levels on the driver logging may help reduce the load on the I/O. It would be best to also consider XSF volumes and other recommendations within the eDirectory documentation.

Questions, comments or concerns? Feel free to reach out to us below, or email us at IDMWORKS to learn more about how you can protect your organization and customers.

Leave a Reply

Your email address will not be published. Required fields are marked *