A.2 Tuning Parameters

This section provides details of the parameters tuned during the performance test to optimize the system performance. You must configure these parameters based on your environment.

It is recommended to test these parameters in the staging environment before running in the production environment.

A.2.1 Tuning Identity Server Parameters

You can configure the following settings to optimize the performance:

Tomcat Connector Maximum Thread Setting

This parameter enables Identity Server to handle more threads simultaneously to improve the performance. The thread number must be fine-tuned for every customer environment based on the number of attributes attached to a user session. When each user session holds a large number of attributes, each user session requires more heap memory. The available stack memory reduces as a result. If the number of threads configured in this scenario is high, Tomcat tries to spawn more threads and fails due to non-availability of the stack memory. You must fine-tune the number of threads based on the attribute usage.

In the server.xml file, set the value of maxThreads to 1000 for the port 8443 connector as follows:

Linux: /opt/novell/nam/idp/conf/server.xml

Windows: C:\Program Files (x86)\Novell\Tomcat\conf\server.xml

<Connector NIDP_Name="connector" SSLEnabled="true" URIEncoding="utf-8" acceptCount="100" address="x.x.x.x" ciphers="XX, XX ,XX, XX" clientAuth="false" disableUploadTimeout="true" enableLookups="false" keystoreFile="/opt/novell/devman/jcc/certs/idp/connector.keystore" keystorePass="p2SnTyZPHn9qe66" maxThreads="1000" minSpareThreads="5" port="8443" scheme="https" secure="true" sslImplementationName="com.novell.nidp.common.util.net.server.NIDPSSLImplementation" sslProtocol="TLS"/>

NOTE: For Access Manager Appliance, the port number is 2443.

JAVA Memory Allocations

The Tomcat configuration file controls the amount of memory that Tomcat can allocate for Java.

If you have installed Identity Server on a machine with a minimum 4 GB memory, you can modify the tomcat.conf file to improve performance under heavy load as follows:

In /opt/novell/nam/idp/conf/tomcat.conf, set the following parameters:

  • Set the Xms and Xmx values to 2048: JAVA_OPTS="-server -Xms2048m -Xmx2048m -Xss256k"

    This enables the Tomcat process to come up with 2 GB pre-allocated memory. If your Identity Server machine has more than 4 GB memory, the recommendation is to allocate 50% to 75% of the memory to Identity Server Tomcat. This needs to be fine-tuned based on each customer's environment.

  • Set Identity Server Tomcat to 12288 for both Xms and Xmx.

  • Change the -Dnids.freemem.threshold value from 0 to a value between 5 and 15. This parameter prevents user sessions from consuming all memory and ensures that free memory is available for other internal Java processes to run. When this threshold is reached, the user receives a 503 server busy message and a threshold error message is logged to the catalina.out file.

    JAVA_OPTS="${JAVA_OPTS} -Dnids.freemem.threshold=10"

NOTE: On Windows, these values can be set by executing the Tomcat7w.exe file located in the C:\Program Files (x86)\Novell\Tomcat\bin directory. Select the Java tab for setting the Initial memory pool and Maximum memory pool values.
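The thread and memory settings above interact: every Tomcat thread can reserve up to Xss of stack on top of the Java heap. The following sketch is an added example, not part of the product or of the original guide. It reads maxThreads, Xms, Xmx, Xss, and nids.freemem.threshold and checks them against the ranges given in this section. The sample inputs are constructed from the values on this page, and the function names and the worst-case estimate of maxThreads × Xss are assumptions of the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs that mirror the settings on this page (keystore attributes omitted).
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" maxThreads="1000" minSpareThreads="5"/>
</Service></Server>"""
TOMCAT_CONF = '''JAVA_OPTS="-server -Xms2048m -Xmx2048m -Xss256k"
JAVA_OPTS="${JAVA_OPTS} -Dnids.freemem.threshold=10"
'''
MIB = 1024 ** 2
UNITS = {"": 1, "k": 1024, "m": MIB, "g": 1024 ** 3}

def jvm_size(conf, flag):
    """Size in bytes of the last -Xms/-Xmx/-Xss occurrence in the file."""
    hits = re.findall(r"-%s(\d+)([kKmMgG]?)" % flag, conf)
    if not hits:
        raise ValueError("-%s is not set" % flag)
    number, unit = hits[-1]
    return int(number) * UNITS[unit.lower()]

def max_threads(server_xml, port):
    """maxThreads of the connector on `port`; Tomcat's default is 200 when unset."""
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("port") == str(port):
            return int(conn.get("maxThreads", "200"))
    raise ValueError("no connector on port %s" % port)

def memory_budget(server_xml, conf, port, ram_bytes):
    """Compare heap and worst-case thread stacks with the guidance in this section."""
    xms, xmx = jvm_size(conf, "Xms"), jvm_size(conf, "Xmx")
    # Assumption: every configured thread exists and uses its full Xss stack.
    stacks = max_threads(server_xml, port) * jvm_size(conf, "Xss")
    m = re.search(r"-Dnids\.freemem\.threshold=(\d+)", conf)
    threshold = int(m.group(1)) if m else 0
    findings = []
    if xms != xmx:
        findings.append("Xms and Xmx differ")
    if xmx > 0.75 * ram_bytes:
        findings.append("heap is above 75% of RAM")
    if xmx + stacks > ram_bytes:
        findings.append("heap plus thread stacks exceed RAM")
    if not 5 <= threshold <= 15:
        findings.append("nids.freemem.threshold is outside 5-15")
    return {"heap_mib": xmx // MIB, "stack_mib": stacks // MIB, "findings": findings}

if __name__ == "__main__":
    print(memory_budget(SERVER_XML, TOMCAT_CONF, 8443, 4 * 1024 ** 3))
```

Run it against copies of server.xml and tomcat.conf from the staging environment before changing production; for Access Manager Appliance pass port 2443.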

LDAP Load Threshold Configuration

In web.xml, set ldapLoadThreshold to 600.

Linux: /opt/novell/nam/idp/webapps/nidp/WEB-INF/

Windows: C:\Program Files (x86)\Novell\Tomcat\webapps\nidp\WEB-INF\

<context-param>
     <param-name>ldapLoadThreshold</param-name> 
     <param-value>600</param-value>
</context-param>

This enables Identity Server to make up to 600 connections to the LDAP user store.

A.2.2 Tuning Access Gateway Parameters

You can configure the following settings to optimize the performance:

AJP Connector Maximum Thread Setting

In server.xml, set maxThreads="1000" for the port 9009 connector.

Linux: /opt/novell/nam/mag/conf/

Windows: C:\Program Files\Novell\Tomcat\conf\

This parameter enables Access Gateway Appliance ESP to handle more threads simultaneously to improve the performance. The thread number needs to be fine-tuned for every customer environment based on the number of attributes attached to a user session. When each user session holds a large number of attributes, each user session needs more heap memory. The available stack memory reduces as a result. If the number of threads configured in this scenario is high, Tomcat tries to spawn more threads and fails due to non-availability of the stack memory. You need to fine-tune the number of threads based on the attribute usage.

JAVA Memory Allocations

The Tomcat configuration file controls the amount of memory that Tomcat can allocate for Java.

If you have installed Access Gateway on a machine with the minimum 4 GB of memory, you can modify the tomcat.conf file to improve performance under heavy load as follows:

  • In /opt/novell/nam/mag/conf/tomcat.conf, set the values of Xms and Xmx to 2048: JAVA_OPTS="-server -Xms2048m -Xmx2048m -Xss256k"

    This enables the Tomcat process to come up with 2 GB pre-allocated memory.

  • If the Access Gateway Appliance machine has more than 4 GB memory, the recommendation is to allocate 50% to 75% of the memory to ESP Tomcat. This needs to be fine-tuned based on each customer environment.

  • Set Xms and Xmx to 12288 for ESP Tomcat.

  • Change the -Dnids.freemem.threshold value from 0 to a value between 5 and 15. This parameter prevents user sessions from using up all memory and ensures that free memory is available for other internal Java processes to function. When this threshold is reached, the user receives a 503 server busy message and a threshold error message is logged to the catalina.out file.

    JAVA_OPTS="${JAVA_OPTS} -Dnids.freemem.threshold=10"

NOTE: On Windows, these values can be set by executing the Tomcat7w.exe file located at the C:\Program Files (x86)\Novell\Tomcat\bin directory. Select the Java tab for setting the Initial memory pool and Maximum memory pool values.

Access Gateway Appliance Advanced Options

Add the following advanced option:

NAGGlobalOptions ESP_Busy_Threshold=5000

Apache MPM Settings

In /etc/opt/novell/apache2/conf/extra/httpd-mpm.conf, mpm_worker_module is configured by default with the following settings:

<IfModule mpm_worker_module>
     ThreadLimit 300
     StartServers 3
     MaxClients 3000
     MinSpareThreads 3000
     MaxSpareThreads 3000
     ThreadsPerChild 300
     ServerLimit 10
     MaxRequestsPerChild 0
</IfModule>

This configuration is for the Appliance machine with the minimum 4 GB memory. If the Appliance machine has more than 6 GB memory, set mpm_worker_module to match the following configuration.

The performance tests are conducted with the following configuration when the Appliance machine has 16 GB memory available:

<IfModule mpm_worker_module>
     ThreadLimit 1000
     StartServers 9
     ServerLimit 10
     MaxClients 9000
     MinSpareThreads 9000
     MaxSpareThreads 9000
     ThreadsPerChild 1000
     MaxRequestsPerChild 0
</IfModule>

If the available memory is less or more, you must fine-tune each of these configurations based on your environment.

Access Gateway Service on Windows:

The mpm_winnt_module is located at C:\Program Files\Novell\apache\conf\extra\httpd-mpm. It is by default configured with the following settings:

<IfModule mpm_winnt_module>
     ThreadsPerChild 1920
     MaxRequestsPerChild 0
</IfModule>

Modifying the default values does not have any impact on the performance.

A.2.3 Web Socket Scalability

From Access Manager 4.4 onward, Access Gateway supports web socket applications. The scalability of Access Gateway for web socket connections depends on the Access Gateway hardware configuration along with proper system and Access Gateway tuning.

Consider the following tuning for web socket scalability:

  • Maximum number of open files for Access Gateway:

    In large-scale web socket deployments, Access Gateway may exhaust the default maximum number of open file descriptors. In such cases, it is recommended to configure a higher maximum number of open file descriptors. To find the maximum number of open files for a process, run the following command on the Linux server:

    # ulimit -n

  • Apache Multi Processing Modules (MPM) Tuning:

    Access Gateway requires independent threads to handle individual web socket requests. The Apache httpd-mpm.conf file must be tuned properly based on the web socket traffic that the Access Gateway server is expected to handle. For example, using the following configuration, you can scale 30K web socket connections on an Access Gateway node:

    • Hardware: 4 CPU, 16 GB Memory

    • Ulimit setting: ulimit -n 8192

  • httpd-mpm.conf:

    Edit the following setting in httpd-mpm.conf at /etc/opt/novell/apache2/conf/extra/httpd-mpm.conf:

    <IfModule mpm_worker_module>
        ThreadLimit 3000
        StartServers 9
        ServerLimit 10
        MaxClients 30000
        MinSpareThreads 9000
        MaxSpareThreads 9000
        ThreadsPerChild 3000
        MaxRequestsPerChild 0
    </IfModule>
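The mpm_worker_module blocks in the Apache MPM Settings section and in the web socket tuning above must satisfy Apache's own constraints between directives, and the ulimit -n value applies to each Apache child process rather than to the node as a whole. The following check is an added example, not part of the product or of the original guide. The input is constructed from the web socket block on this page. The function names, the figure of two descriptors per proxied connection (client socket plus back-end socket), and the reserve of 256 descriptors per child are assumptions of the example.

```python
import re

# Constructed input: the web socket mpm_worker_module block from this page.
MPM_CONF = """<IfModule mpm_worker_module>
    ThreadLimit 3000
    StartServers 9
    ServerLimit 10
    MaxClients 30000
    MinSpareThreads 9000
    MaxSpareThreads 9000
    ThreadsPerChild 3000
    MaxRequestsPerChild 0
</IfModule>"""

def parse_worker(conf):
    """Return the mpm_worker_module directives as a dict of integers."""
    block = re.search(r"<IfModule mpm_worker_module>(.*?)</IfModule>", conf, re.S)
    if block is None:
        raise ValueError("no mpm_worker_module block")
    return {k: int(v) for k, v in
            re.findall(r"^[ \t]*(\w+)[ \t]+(\d+)[ \t]*$", block.group(1), re.M)}

def check_worker(d, nofile, fds_per_conn=2, reserve=256):
    """Validate directive relationships and the per-child descriptor need.

    fds_per_conn and reserve are assumptions of this example, not product values.
    """
    tpc, servers, clients = d["ThreadsPerChild"], d["ServerLimit"], d["MaxClients"]
    findings = []
    if tpc > d["ThreadLimit"]:
        findings.append("ThreadsPerChild exceeds ThreadLimit")
    if clients > servers * tpc:
        findings.append("MaxClients exceeds ServerLimit * ThreadsPerChild")
    if clients % tpc:
        findings.append("MaxClients is not a multiple of ThreadsPerChild")
    fds = tpc * fds_per_conn + reserve  # the open-files limit is per process
    if fds > nofile:
        findings.append("a full child needs about %d descriptors, limit is %d"
                        % (fds, nofile))
    return {"capacity": min(clients, servers * tpc),
            "fds_per_child": fds, "findings": findings}

if __name__ == "__main__":
    print(check_worker(parse_worker(MPM_CONF), nofile=8192))
```

Pass the value reported by ulimit -n for the account that starts Apache as nofile.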