In all my deployments of OpenAM in production, I always tune the JVM as well as OpenAM's tunable parameters before I hand over the SSO infrastructure to customers.
From a tuning perspective, I only have one product in mind ... i.e. this particular JVM is supposed to run OpenAM optimally. I will not cater for any other component(s) that might be deployed on the same JVM. Honestly, if I am not told beforehand, how do I know what to cater for and which parameters to tune?
These days, APM solutions are picking up. APM vendors preach that their solutions, when deployed on the same JVM where the production code is running, have a small footprint. And thus, it is alright to run APM alongside production code.
Really? I just had a customer who reported JVM heap usage of over 80%, 5-6 times per month.
Their systems/middleware team deployed the APM diagnostic tool when the SSO system went LIVE as part of their go-LIVE procedure ... without thinking of any impact or side effects.
After removing the diagnostic tool, there have been no more reports of heap size issues for almost a month.
Lesson learnt, I hope.