General Performance Considerations

This section describes general areas to consider when analyzing Proxy Server performance.

This section contains the following topics:

• Access Logging

• ACL Cache Tuning

• Buffer Size

• Connection Timeout

• Errors Log Level

• Security Requirements

• Solaris File System Caching

Access Logging

Disabling access logging can increase the performance of your Proxy Server. However, you lose visibility as to who is accessing the Proxy Server and what pages they are requesting.

You can disable Proxy Server access logging by commenting out the following directives in the obj.conf file:

Init fn=“flex-init” access=“$accesslog” format.access=“%Ses->client.ip% - %Req->vars.auth-user% [%SYSDATE%] \\”%Req->reqpb.clf-request%\\“ %Req->srvhdrs.clf-status% %Req->srvhdrs.content-length%”...AddLog fn=“flex-log” name=“access”

ACL Cache Tuning

By default, the Proxy Server caches user and group authentication results in the ACL user cache. You can control the amount of time the ACL user cache is valid with the ACLCacheLifetime directive in the magnus.conf file. Each time an entry in the cache is referenced, its age is calculated and checked against ACLCacheLifetime. The entry is not used if its age is greater than or equal to the ACLCacheLifetime.

The default value for the ACLCacheLifetime is 120 seconds, which means that the Proxy Server may be out of sync with the LDAP server for as long as two minutes. Setting the value to 0 (zero) turns the cache off and forces the Proxy Server to query the LDAP server each time a user authenticates. This setting will have a negative impact on the performance of your Proxy Server when implementing access control. If you set a large ACLCacheLifetime value, you might need to restart Proxy Server every time you make changes to the LDAP entries because this setting will force the Proxy Server to query the LDAP server. Set a large value only if your LDAP directory is not likely to change often.

The ACLUserCacheSize is a magnus.conf parameter that configures the maximum number of entries that can be held in the cache. The default value is 200. New entries are added to the beginning of the list, and entries at the end of this list are recycled to permit new entries when the cache reaches its maximum size.

You can also set the maximum number of group memberships that can be cached per user entry with the ACLGroupCacheSize parameter. The default value is 4. Because non-membership of a user in a group is not cached, several LDAP directory accesses will occur on every request.

Buffer Size

You can specify the size of the send buffer (SndBufSize) and the receiving buffer (RcvBufSize) at the server’s sockets. These parameters are configurable in the magnus.conf file. The recommended values vary between various UNIX and Linux operating systems. Refer to the operating system’s documentation to properly set these parameters.

Connection Timeout

You can specify the number of seconds the server waits for data to arrive from the client before closing the connection by using the AcceptTimeout parameter in the magnus.conf file. If data does not arrive before the timeout expires, the connection is closed. This parameter is set to 30 seconds by default. Under most circumstances, you do not need to change this setting. You can free up threads by setting this parameter to less than the default, but you might also disconnect users with slower connections.

Errors Log Level

Increasing the loglevel attribute in the LOG tag of the server.xml() file causes the server to generate and store more information in the errors log. However, writing entries to that file affects performance. Increase logging only while debugging a problem, and minimize logging when not in a troubleshooting mode.

Security Requirements

Enabling SSL increases the privacy and security of your Proxy Server, but also affects performance because encryption and decryption of the packets causes overhead. You might want to consider offloading encryption and decryption processing to a hardware accelerator card.

Solaris File System Caching

The Proxy Server cache is not stored in random access memory. Accesses to files are made to the file system each time a document is extracted from cache. You might want to consider using Solaris file system caching to pre-load the Proxy Server cache into memory. References to cached files are then extracted from memory rather than from the file system.