From fb8714105aaa4db09cfbcc53994429d9b245c2bd Mon Sep 17 00:00:00 2001 From: "a.pandey" <120591abhishek@gmail.com> Date: Thu, 3 Oct 2024 01:19:41 -0700 Subject: [PATCH 1/3] Included new Instance scan check under category performance to validate if ''Run Business Rule' on Transform Map[sys_transform_map] is Disabled' --- ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt | 2 +- ...check_f9f026c983cd92100283b955eeaad323.xml | 50 +++++++++++++++++++ 2 files changed, 51 insertions(+), 1 deletion(-) create mode 100644 ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_f9f026c983cd92100283b955eeaad323.xml diff --git a/ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt b/ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt index 3dc5a7f..86223ec 100644 --- a/ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt +++ b/ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt @@ -1 +1 @@ -CuNEYHj5RbBsjVJxohTMD1xntLLtuzW06YrIQxv_dnuv66Z-CP9Yyz94aT1y6VMee62ueoZ-zoVm79qzmSN0EDnNTIajGUE-L9E8z-wSmPjpDRK6unp5pT-WyQru961HXU1NDT6tYoVYpmHPnC1pxK1hGqlJ5xCFlFjoYHaWTOMQ-jgr2lppwmOLGMGR7znGbC3ffVubbJzVWxZF2A54U5qoSwKmMb-Sl6nBVJvbZz8finGJvOBn8WzxH6DP_rUNqXJ4ZflVbC2EWzi2mlf_jhEvu35jXElgy6I7myTSoOJvWiK8J6arVkKEt1MNTtewGnDrFnAbFFZ53T08x7UafmirFgZuS4MbzwCYGQ_dX9IlcB-5OLXuB1JYApTLKEJnT364IFKOpAgwzZm5F9dhRAYQG6qVRonDCHrXl1ZJ1WFEMgDCksXtQpTcc53Fe-cH348-sbttOrFExqMtN8HmrJxdjJWFQB0WIPnb7BLMIc6qvc0QIfku9KZpHSlse1cttB-pn_l5UM07YLgjoWCB2wvGaLkZdjDOT0MZizytu7SaAs0SFgm4Q2g4p3xTJ9C78cM24TaT0oQ_gIehRDaf-ETeb4XCdMj1hpaRB4PR2JquoRXJvkfZ7bB6l0ahyfDeQvKqk2cmDf0Mt2CKXeALoAOwe3vhtLMTXKOL1NBAjm4 \ No newline at end of file +P7_5PV-3CgmtgGTQY9SXzUitls7C4E-8eTwLZoEdIbZMDSqedSyb9KEsrmeAeaoXbE10aeEWa7UvD7rA7p2wqA7FitkdiqA-yj2I9Am5D38giOyKa4KcN9LhWxXWuIHvq7trUTltpPcGsKTl0_F8HSDwyiQfOOS4kTms0NWbOI4DLrjMhgf_c3BwjGrhKf1x6f2oTYmF2WRqzXwgmi0rm6S8bA6s6_2xyLC6-2W39gd_Mtn2zs68YkmPwnqeQ2vB7Zlu1rutpeDEz_GMuuxYal3huMEsl43jK9B6f1q6WGM0qkSD79PfNrI-HoUXSjdb5akmTd25VQiFOtgSoEdMmaSWfiZXn2Xdk3Dh4xTAAMeI65atgDAuBRE3cWAa4YbDZR1BDcgrnRkB31IsVyxve8It6Q9CoWC0NC2EiEa3NpvE3MrtfqzGoaxheo06R6is-rc0v-aOGLDVwYIyWfWoSywjJz8RhgRSHqYm_i4Qp-Qy9oXX_nEJi4xjNzL6XSyRZSuOnBKc_MiCxnuI9SXEtOa9W6w0ckYZwabu31COoCL1qb6cVhq1yhq7JJInFcwPLQqd5UBFrjwSYOI_XUTrSTJTS2TlevXH4eUeL1nS7KdxDjcIDJmgQGZ3A_HJW3m0C9d4Qb2bOADLww36usSKSlLUZGTsI_JbSa3TRxhOANw \ No newline at end of file diff --git a/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_f9f026c983cd92100283b955eeaad323.xml b/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_f9f026c983cd92100283b955eeaad323.xml new file mode 100644 index 0000000..25f3b3b --- /dev/null +++ b/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_f9f026c983cd92100283b955eeaad323.xml @@ -0,0 +1,50 @@ + + + true + false + performance + run_business_rules!=true^EQ + + + Business rules validation directly on fields in Transform Maps is generally not considered a best practice, and instead, it is recommended to leverage other methods like Field Map Scripts or onBefore Transform Scripts for handling field-level data manipulation. +Transform Maps usually deal with bulk data imports. Using business rules (which fire on each insert/update) during a data import can negatively impact performance, as business rules execute for every individual record transformation, which can slow down processing. + + scan_finding + Transform Map Run Business Rule + 3 + Disable “Run Business Rules” + +Unless needed, the “Run Business Rules” checkbox should be unchecked as Post import additional business logic may leads to run via existing business rules, but this can increase +import/processing times. + +Disabling this option will will stop the execution of the following and prevent the potential performance issue +– Business Rules +– Script engines (Approval Engine, Assignment rule Engine, Data policy Engine Field normalization Engine (CMDB), Role Engine, Execution Plan Engine, Workflow Engine, text Indexing Engine, Update Sync Engine(Update Set), Data Lookup Engine, Email notification) +– Auditing + + 100 + 0 + 1 + + Disable 'Run Business Rule' on Transform Map[sys_transform_map] + scan_table_check + a.pandey + 2024-10-03 08:17:34 + f9f026c983cd92100283b955eeaad323 + 0 + Transform Map Run Business Rule + ca8467c41b9abc10ce0f62c3b24bcbaa + + ca8467c41b9abc10ce0f62c3b24bcbaa + scan_table_check_f9f026c983cd92100283b955eeaad323 + a.pandey + 2024-10-03 08:17:34 + sys_transform_map
+ false + + + From c0e5e33ff7957c5f676f1975b36a849a024c35b7 Mon Sep 17 00:00:00 2001 From: "a.pandey" <120591abhishek@gmail.com> Date: Thu, 3 Oct 2024 02:07:35 -0700 Subject: [PATCH 2/3] =?UTF-8?q?Included=20new=20instance=20scan=20check=20?= =?UTF-8?q?for=20system=20property=20table=20to=20inspect=20if=20'Ignore?= =?UTF-8?q?=20Cache'=20option=20is=20set=20as=20True.=20Since=20it=20has?= =?UTF-8?q?=20potential=20of=20causing=20system=20wide=20performance=20imp?= =?UTF-8?q?act.=20If=20=E2=80=98ignore=5Fcache=E2=80=99=20is=20unchecked,?= =?UTF-8?q?=20then=20the=20entire=20Glide=20System=20cache=20will=20be=20f?= =?UTF-8?q?lushed=20when=20a=20property=20is=20changed.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt | 2 +- ...check_cfe622458301d2100283b955eeaad366.xml | 49 +++++++++++++++++++ 2 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_cfe622458301d2100283b955eeaad366.xml diff --git a/ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt b/ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt index 86223ec..e78cfb2 100644 --- a/ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt +++ b/ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt @@ -1 +1 @@ -P7_5PV-3CgmtgGTQY9SXzUitls7C4E-8eTwLZoEdIbZMDSqedSyb9KEsrmeAeaoXbE10aeEWa7UvD7rA7p2wqA7FitkdiqA-yj2I9Am5D38giOyKa4KcN9LhWxXWuIHvq7trUTltpPcGsKTl0_F8HSDwyiQfOOS4kTms0NWbOI4DLrjMhgf_c3BwjGrhKf1x6f2oTYmF2WRqzXwgmi0rm6S8bA6s6_2xyLC6-2W39gd_Mtn2zs68YkmPwnqeQ2vB7Zlu1rutpeDEz_GMuuxYal3huMEsl43jK9B6f1q6WGM0qkSD79PfNrI-HoUXSjdb5akmTd25VQiFOtgSoEdMmaSWfiZXn2Xdk3Dh4xTAAMeI65atgDAuBRE3cWAa4YbDZR1BDcgrnRkB31IsVyxve8It6Q9CoWC0NC2EiEa3NpvE3MrtfqzGoaxheo06R6is-rc0v-aOGLDVwYIyWfWoSywjJz8RhgRSHqYm_i4Qp-Qy9oXX_nEJi4xjNzL6XSyRZSuOnBKc_MiCxnuI9SXEtOa9W6w0ckYZwabu31COoCL1qb6cVhq1yhq7JJInFcwPLQqd5UBFrjwSYOI_XUTrSTJTS2TlevXH4eUeL1nS7KdxDjcIDJmgQGZ3A_HJW3m0C9d4Qb2bOADLww36usSKSlLUZGTsI_JbSa3TRxhOANw \ No newline at end of file +ocgk30OZCgJiO0J_9mbH0UAMvW8OyUPilbYIaM5smjvny01iks-MTTaCCpQ81BtPUZhdkceTlwBLF2OvnpXLSz4iaDnIwRNtx2sny25-eeMsU9V1NkqtrANn3WoZKeS44ixvbN03bEWrxXfaW9-L4SL_P_Y8-hGbwqjST2ZNcSOgtvhRQAn1djeY3Fz0AQC4IwBFjbKfqW2SYnHl0FVjwQc67CGbjC3Qa6iD9igvlZCHnUBTTdNAOObzFkX-y-1PBWL0A2v3FHBrv6hXtLf5ShkFoH__0tnctuysBHEvYjOkY59m4-73D76TcfUkHnP93hoMh2LoM4JED0AATNYcTXlmKVSnkNOeyGHNZ2bAotMlWnwBlvv-3ru6xzFhAM4BYniFJsdavRuOF1J-IkIEMFYVCK7A3X2m4Zf0bEPrNO6dX-5qeOL0l_720h6DrECrJlaOa2ZIWHgZUkGVZl8zC8XEPeENNZ5iC660wdTlR6LAWYBYP25o2yGRsgQO8_jY4O0kFTt32WF5kfQAyATANT3Wv8poZavzmCHq5jNy2XEhJ3q8foHo3USLJZujr6WOF0fjRz5TCiQxtS_40LcwS2ulTiJQJOABVZeXkJgShaEXY9LLbdTyDtivNMyoovjuIRxsKNEFC8A67Is3vXCDys6aw9TmxCqN7QZ90SsewyQ \ No newline at end of file diff --git a/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_cfe622458301d2100283b955eeaad366.xml b/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_cfe622458301d2100283b955eeaad366.xml new file mode 100644 index 0000000..70c4803 --- /dev/null +++ b/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_cfe622458301d2100283b955eeaad366.xml @@ -0,0 +1,49 @@ + + + true + false + performance + ignore_cache=true^EQ + + + Ignore Cache is a Glide Properties (records in the sys_properties table) field that impacts system performance. ‘ignore_cache’ is a way of avoiding database calls for commonly accessed property values. When it’s not handled carefully it can cause a system-wide cache flush leading to potentially severe performance degradation for anywhere from 5 to 30 minutes. In some very rare cases, the cache flush can even bring nodes down hard enough that the load balancer takes them offline, thus resulting in temporary session imbalance and causing hours of impact. + +The system stores system property values in server-side caches to avoid querying the database for configuration settings.” + + When you change a system property value, the system always flushes the cache for the sys_properties table. Use this field to determine whether to flush this property's value from all other server-side caches. + + scan_finding + Ignore Cache : System Property + 2 + To prevent the cache flush in the future for the same system property, you can activate the Ignore cache i.e always select the ignore_cache checkbox. Almost always have 'ignore cache' set to "true" on 'sys_properties' records. Typically, you should only select the check box and enable ignoring the cache when you have a system property that changes more frequently than once a month, and the property value is only stored in the sys_properties table. + +Ignore cache = True: An update or insert of a system property will rebuild ONLY for that particular sys_property cache (yes, it is not a full ignore). + +Select the check box to ignore flushing some server-side caches, thus flushing only the cache for the sys_properties table and preserving the prior property value in all other caches. This option avoids the performance cost of flushing all caches and retrieving new property values. + + 100 + 0 + 1 + + Disable 'Ignore cache' checkbox for commonly accessed system Properties + scan_table_check + a.pandey + 2024-10-03 09:04:30 + cfe622458301d2100283b955eeaad366 + 0 + Ignore Cache : System Property + ca8467c41b9abc10ce0f62c3b24bcbaa + + ca8467c41b9abc10ce0f62c3b24bcbaa + scan_table_check_cfe622458301d2100283b955eeaad366 + a.pandey + 2024-10-03 09:04:30 + sys_properties
+ false + + + From daa2985fc19a1a11ba4b2686be08123a498ca082 Mon Sep 17 00:00:00 2001 From: Abhishek Pandey <91930405+bird-03@users.noreply.github.com> Date: Thu, 3 Oct 2024 14:47:17 +0530 Subject: [PATCH 3/3] Update README.md Included instance scan under 'Performance' cateogry to validate if ignore cache on system property table is set as True. This PR contains ne instance scan change along with readme.md file update --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 20bf8a0..afaccfe 100644 --- a/README.md +++ b/README.md @@ -232,6 +232,12 @@ Restrict the number of row counts ma x to 10,20,50 instead of higher limits such Navigate to the user preference table and search by 'rowcount'. Set the value to 50 max. Also, can set the property 'glide.ui.per_page' sys property value to 10, 20, 50 only +### Disable 'Ignore cache' checkbox for commonly accessed system Properties +Ignore Cache is a Glide Properties (records in the sys_properties table) field that impacts system performance. ‘ignore_cache’ is a way of avoiding database calls for commonly accessed property values. When it’s not handled carefully it can cause a system-wide cache flush leading to potentially severe performance degradation for anywhere from 5 to 30 minutes. In some very rare cases, the cache flush can even bring nodes down hard enough that the load balancer takes them offline, thus resulting in temporary session imbalance and causing hours of impact. + +To prevent the cache flush for such system property, you can activate the Ignore cache i.e always select the ignore_cache checkbox. Almost always have 'ignore cache' set to "true" on 'sys_properties' records. Typically, you should only select the check box and enable ignoring the cache when you have a system property that changes more frequently than once a month, and the property value is only stored in the sys_properties table. + +Ignore cache = True: An update or insert of a system property will rebuild ONLY for that particular sys_property cache (yes, it is not a full ignore). ## Category: Security ##Check Mandatory fields on incident