AM 7.5.0

Deployment requirements

This page lists initial system requirements for deploying AM servers:

Server disk storage requirements

Disk storage requirements for AM servers depend partly on AM itself and partly on your deployment. Disk storage requirements also depend on the space needed for binaries, configuration data, and log files.

  • For initial installation, a few hundred MB is sufficient, not including the downloaded files.

  • The AM .war file size varies from release to release. If your container holds one .war file and one directory with the contents of the .war file, the disk space required is on the order of 300 MB.

    This space requirement remains stable as you use AM.

  • By default, AM servers write audit logs to flat files under config-dir/openam/logs/. Alternatively, AM servers can write audit logs to syslog, or to a relational database.

    When using flat-file audit logging, you can configure rotation and purging for logs under openam/logs/, so you can effectively cap the maximum disk space used for logs.

    Retain the information you need before purging logs.

    AM logs errors and access messages. Make sure your disk can keep pace with the volume of logging, which can be significant in high-volume deployments.

    Learn more about audit logging configuration in Audit logging.

  • By default, AM servers write debug logs to flat files under config-dir/openam/debug/. You can configure rotation for debug logs.

    Because you can change debug log levels at runtime when investigating issues, debug log volume is not as predictable as for regular logs. Leave a margin in production environments, so that you can turn up debug log levels to diagnose problems.

    Learn more about debug logging configuration in Debug logging.

  • AM stores policy information in the configuration directory. The space this takes up depends on the policies you have.

  • By default, AM stores CTS information in the configuration directory. The space this takes up depends on the volume of traffic to the server and whether AM is configured for client-side sessions.

  • Tune the underlying DS servers to handle multiple client connections.

Learn more about tuning DS in the DS Release Notes.

Web and Java agents disk storage requirements

Web and Java agent binaries do not require more than a few MB of disk space, although they may require additional free space to store configuration files, POST data cache files, and others. Refer to the installation requirements of your web or Java agent for more information.

You should also consider the web or Java agent logging when provisioning disk storage:

  • Web and Java agents can log audit messages locally to the agent installation or can send them to the AM instances. Refer to the configuration reference of your agent for more information.

  • Debug messages are logged to files local to the agent installation, and their volume depends on the debug log level. In production environments, provision additional storage to ensure you can enable higher debug log levels for diagnostic purposes.

Identity Gateway disk storage requirements

The IG Web application can vary in size from release to release. On disk, the .war file is under 50 MB. For containers that keep both the .war file and an unpacked version, the total size is under 100 MB.

By default, IG configuration resides under the $HOME directory of the user who runs the container.

If you use the default log sink, messages are sent to the container logs. Manage those as you would any container logs.

Both normal log messages and debug messages go to the log sink. As for other components, debug logging volume depends on log level. Leave a margin in production environments so that you can turn up debug log levels to diagnose problems.

IG does not run rotation or purging of the following logs, which you must manually manage:

  • Logs generated using a CaptureFilter

  • Log messages created by scriptable filters and handlers

Disk storage recommendations

The following are based on the preceding information in this section. When deciding on disk storage, keep the following recommendations in mind:

  • Plan enough space and enough disk I/O to comfortably absorb the load for logs.

    Check your assumptions in testing. For example, make sure that logs are cleaned up so that they do not exceed your space threshold even in long-duration testing.

  • When using local web or Java agent logs, make sure you have a mechanism in place to clean them up.

  • For IG, make sure you turn off CaptureFilter logging, scriptable filter, and handler debug logging before moving to production.

RAM requirements

AM core services require a minimum JVM heap size of 1 GB. If you are deploying with the embedded DS server, AM requires at least a 2 GB heap, as 50% of that space is allocated to DS.

Ensure that the Xms and Xmx JVM parameters are set to the same value to prevent a large garbage collection as the memory profile increases from the default up to the Xms value. Also, setting Xms and Xmx to the same value ensures that small controlled garbage collection events minimize application unresponsiveness.

Software requirements

Refer to Requirements in the Release notes for up-to-date information about the software requirements for this version.

Copyright © 2010-2024 ForgeRock, all rights reserved.