Thursday, May 8, 2014

Operational Decision Management: In-Memory (RetePlus) vs. Input Parameter (RetePlus, Sequential)

IBM Operational Decision Manager (ODM) supports multiple rule execution algorithms: RetePlus, Sequential and Fastpath. We are going to compare test run results of the first two algorithms.

RetePlus Mode:

The default execution mode is RetePlus. Use its optimization techniques to improve performance: reduction of the number of rules and conditions, computation of the rules to execute, and prioritization of the rule order. The RetePlus algorithm operates as follows:
  1. The rule engine matches the conditions of the rules in the ruleset against the objects in working memory. During the pattern matching process, RetePlus creates a network based on semantic relationships between rule condition tests. 
  2. For each match, a rule instance is created and put into the agenda. Then the agenda, based on some ordering principles, selects the rule instance to be executed.
  3. When the rule instance is executed, the rule action is executed.
    This action modifies the working memory in the following ways:
    - By adding a new object to the working memory
    - By removing an object from the working memory
    - By modifying the attributes of an existing object.
  4. The process carries on cyclically until no more rule instances are left in the agenda

Sequential Mode:

The sequential mode executes all the eligible rules for a given rule task in sequence, which provides specific performance advantages. The sequential algorithm operates as follows:

  1. The rule engine performs pattern matching on input ruleset parameters and on the conditions defined on the collections of objects in working memory.
  2. For each match, a rule instance is created and immediately executed. When a rule instance is executed, it sets the value of an attribute or an output ruleset parameter.

Input/output objects can be passed in to the rule engine as ruleset parameters or rules can create and manipulate in-memory objects.

Simple three rules were implemented to compare ruleset execution times for permutations of two execution algorithms and two ways of passing in input objects to the rule engine. Each of the three rules is in a separate ruletask in the ruleflow. Execution times are machine-dependent and therefore, execution time comparison of different algorithms is meaningful only relative to each other. Note that in-memory objects can only run RetePlus.  Below is the execution times chart for the following cases:

  1. Using input parameters and RetePlus algorithm
  2. Using input parameters and Sequential algorithm
  3. Using in memory objects and RetePlus algorithm

Input Size
Using Parameters and
RetePlus Algorithm
 (time in seconds)
Using Parameters and
Sequential Algorithm
(time in seconds)
Using in Memory Objects and
 RetePlus Algorithm
(time in seconds)
 Number of Rules

To improve the performance of RetePlus algorithm you can do one of the following:                              (Click here for details)
  • Optimize the object model
  • Optimize with optimize method 
  • Optimize with static agenda
  • Activate dynamic rule compilation
  • Improve the performance of equality and/or comparison evaluation 

To improve the performance of Sequential algorithm you can try: 
  • Memory consumption reduction

Artur Sahakyan is an Associate Consultant at Prolifics specializing in IBM WebSphere Operational Decision Management (v5.xx - v8.xx). Artur has a strong background in mathematics and probability/statistics. He also has profound knowledge of IBM Business Process Manager, IBM Integration Bus (IIB v9), IBM WebSphere MQ (v7), IBM SPSS Modeler, IBM SPSS Statistics, Java, C++, C. 

An Inside Look: Prolifics Identity Management Health Check

Some identity management solutions produce interfaces and results that look decadent, others homemade.  Some are simple and pure, and others a blazing tangle of neon-lit panels. Whether an identity management solution appears simple or elaborate, the reality is those consumable interfaces sit atop a service bundle responsible for keeping access data to critical business systems flowing.

If you see something like this on the front:

The measurements may come from something like this:

(not an actual IM administrative panel)

Robust solutions can be configured to heel systems into measurable formation, and report anticipated conditions to responsible parties.  One picture can clearly call out an error, such as a connection choking on a query because an index became too fragmented and is now thrashing on I/O.   Most facets of a functioning identity management solution can be known and therefore measured.

That is, until they change.
  • Certificates or passwords expire
  • Software needs to be patched
  • Organizations want to adapt to new opportunities
  • Organizations anticipate growth
  • New security mandates are introduced
Entropy rules all, even in software.

Two ways to prepare for the changes that affect an identity management system are to be reactive - trust existing monitors and processes, wait for something to happen, and respond - or be proactive and review system health.  The difference is fodder for FUD (Fear, Uncertainty, and Doubt).  Only the most masochistic of us appreciate learning a litany of imminent problems and shortcomings on the back of resolving a current one. And, as experts in identity management, Prolifics prefers getting in front of a situation instead of waiting until a customer encounters one problem only to bear the bad news that they have five more.

The Prolifics Identity Management Health Check is a proactive review of an existing identity management installation. Prolifics inspects the environment, current running software, logs, and activity.  The result of a health check is a forecast for upgrade potential and how current system monitors may respond if current conditions continue.  

The following topics are included in a Health Check:
  • Hardware and Operating System
  • Software Solution Infrastructure
    • Documentation and Architecture
    • Utilization
    • Authorization
  • Identity Management
    • Services
    • Policies
    • Workflows
    • Operations
    • Lifecycles
    • Permissions
    • Schedules
  • Directory Integrator
  • Databases
  • Directories
  • Customizations
After inspecting the previous areas, several important artifacts will be created:
  1. A detailed map of the current infrastructure, which can be used for audits, upgrades, customizations, and future problem resolution
  2. Recommendations for configuration changes, patches and updates
  3. Critical discoveries
When everything works the way it should, the little lights blink, texts and emails and robo-calls are made, and all is good, Then, one day, comes a furlong of stack trace or cryptic code to announce that something unexplainable happened.  It could be an innocuous event, or it could be symptomatic of a more serious problem. Someone will have to look past the friendly front ends, behind the reports, and go below the surface.  There they will confront the complexity of an identity management solution. 

(An actual IM infrastructure)

In cases like this, it's always good to be prepared.

To learn more about Prolifics' security solutions, visit:

Stephen Cote is an Enterprise Solutions Architect at Prolifics. He brings extensive experience in orchestrating enterprise architectural initiatives while creating marketable products that drive revenue and protect assets. Stephen is a creative technology leader with more than 18 years of involvement in all aspects of software development from inception to release, as a manager, architect, and technical engineer.