Long Upgrade Processing Time to Access Governance Suite 5.1p7+, 5.2p1+ and 5.5

  • 7011151
  • 25-Oct-2011
  • 19-Oct-2012

Resolution

NetIQ has included performance improvements in the Access Governance Suite 5.1p7 or higher, 5.2p1 or higher, and 5.5 releases. 

After upgrading to one of these releases, customers with a large number of completed certifications and certification decisions should see improved performance when viewing decision history for a certification item in a certification, when viewing decision history for an identity in the View Identity UI page, and in all other operations that modify the certification decision history for an identity, such as finishing a certification in the Perform Maintenance task.

Performance was improved by changing the way that the certification decision history is persisted in the Access Governance Suite database. After this modification, Access Governance Suite can selectively read the decision history as required by the function being performed, rather than reading the entire history data. In many cases when adding new history, none of the previous history will be loaded at all. Specifically, this modification changes the persistence model for certification decision history (also referred to as Identity History) from an XML string to a separate database table with a row for each decision.

The upgrade to Access Governance Suite 5.1p7 or higher, 5.2p1 or higher, and 5.5 needs to perform the data conversion and will therefore take longer than a typical upgrade for customers who ran the Access Governance Suite software on release 5.0 or earlier. The length of time for the upgrade is determined by the number of certification cycles and certification decisions that have been made. The Access Governance Suite 5.1 upgrade migrated this data, but for some customers, the migration was incomplete. The upgrade in 5.1p7 and higher, 5.2p1 and higher, and 5.5 is a more exhaustive data migration with consistency checking. This more exhaustive upgrade will only be run once, even if later upgrading to a newer release. For example, if it is run when upgrading to 5.1p8, then it will not run when upgrading to 5.2 or 5.5.

NetIQ encourages customers to perform the upgrade process on a mirror of the production data or a representative sample in a test environment to determine the length of time the upgrade will take so they can plan accordingly. Ideally, the test environment will be similar enough to the higher environments, such as production, that the time required in the test environment will be representative of the time required in the other environments. The upgrade process will log output to stdout so each client will be able to calculate an average of the processing time per Identity, although it should be noted that each Identity will have its own unique history and the time will vary according to the volume of this data. NetIQ recommends redirecting the stdout information to a file.

The following are a series of questions and queries clients can use to determine if the upgrade may take an excessive amount of time.

  1. How many certification cycles have been performed using Access Governance Suite?
  2. How many certification decisions have been made over that period of time?
  3. In Access Governance Suite Release 5.0 or earlier, the following SQL queries will count the number of history items and certification items.

     select count(*) from spt_identity_history;
     select count(*) from spt_certification_item;

     A database client or the Access Governance Suite console can be used to run these queries.

  4. Once the Access Governance Suite 5.1a release has been installed, the following query will count the number of history items in the new table.

     select count(*) from spt_identity_history_item;

This information can be provided to the NetIQ support team and they can help to determine if the upgrade may take an excessive amount of time.