Sun Java System Directory Server Enterprise Edition 6.0 Evaluation Guide

Chapter 5 Tuned for Performance

This chapter describes the Directory Server features that help you tune your deployment for best performance. This chapter covers the following topics:

Cache Optimizations

For fast response time to client requests, Directory Server caches directory information in memory. For top performance, you can tune your suffix entry cache settings to optimize performance. Directory Server provides easier control of cache sizing, and once tuned, the server adheres strictly to the cache setting.

This section describes the main features of the Directory Server cache:

Setting Thresholds on Dynamic Memory Use

Directory Server allows you to strictly control the use of memory for cache purposes so that less memory is used. You specify a low and high threshold for dynamic memory use. When this threshold is reached, Directory Server attempts to free memory from the suffix entry caches and to keep memory use under control. If the server reaches the high threshold, the server goes into aggressive mode to free memory. Performance is only effected when the high threshold is reached.

This feature provides two configurable thresholds: a soft threshold and a hard threshold. When the soft threshold is reached, Directory Server attempts to free memory concurrently with other operations. When the hard threshold is reached, operations on the cache are prevented while memory is being freed. These two thresholds are defined by two server properties:

See the server(5dsconf) man page for details on the two server properties.

Optimizing Cache Memory Allocation

The size of the cache determines how the memory is allocated. For example, if the cache is less than two Gbytes, the server uses one memory pool. If the cache size is larger than two Gbytes, the server optimizes cache memory allocation by using as many pools as necessary, with each pool dedicated to a particular size.

Log Management Improvements

This version of Directory Server brings improvements to time-based log rotation, rotate on-demand functionality for access, error, and audit logs, and configurable permissions for log files. It also provides more flexible logging of users involved in proxy authorization.

The following sections describe changes that have been made in the logging functionality of Directory Server.

Time-Based Log Rotation and Deletion

Directory Server supports rotating and deleting logs not only after a specified interval, but also at a specified time. This feature lets you more easily perform operations such as log analysis and trending, as each rotated log file covers the same length of time. This feature can also be used to meet auditing and security requirements because it makes it easier to determine the specific period of time covered by a given log file.

You can specify whether to rotate the log according to a time interval or according to the size of the log file. The following figure illustrates using the DSCC to configure log rotation to occur once a week at midnight, as well as to rotate the log files when the size limit exceeds 100 Mbytes:

Illustrates the Log Rotation section of the DSCC

See the log(5dsconf) man page for details on the rotation-time log property.

For example, from the command line, you can display the current configuration for the access log as follows:

$ dsconf get-log-prop -p 20390
enabled                   :  on
level                     :  default
max-age                   :  1M
max-disk-space-size       :  500M
max-file-count            :  10
max-size                  :  100M
min-free-disk-space-size  :  5M
path                      :  /install-path/sA1/logs/access
perm                      :  600
rotation-interval         :  1d
rotation-min-file-size    :  unlimited
rotation-time             :  undefined
verbose-enabled           :  N/A

You can change the rotation interval for the access log through the command line as follows:

$ dsconf set-log-prop -p 20390 rotation-interval:2d

Now, to display the new log file rotation interval, type the following:

$ dsconf get-log-prop -p 20390 rotation-interval
rotation-interval  :  2d

On-Demand Log Rotation

You can manually rotate Directory Server access, error, and audit logs. This feature is useful when you want the server to stop writing to the current log file while you examine the file. You might also choose to use this feature with system scheduler utilities in addition to time-based log rotation.

You can rotate the access log by using the DSCC. The following figure illustrates the logging configuration screen and the Rotate Log File Now button. Clicking this button allows you to close the current log file and start a new one.

Screenshot of the DSCC Access Log viewer and
the Rotate Log File Now button.

To rotate the access log from the command line, type the following:

$ dsconf rotate-log-now -p 20390

See the dsconf(1M) man page for details on the rotate-log-now subcommand.

Configurable Log File Permissions Settings

Directory Server provides the ability to configure the permissions with which the log file is created, allowing you to change permissions to logs from the default value. This feature lets you tightly control what the user who starts the server can do. At the same time, you can permit specific applications and other users to access key, time-dependent information contained in the logs.

Directory Server enables you to specify the permissions with which a log file will be created.

Log file creation permissions can be set using the dsconf command or using the DSCC as illustrated in the following figure.

Log File Permissions screen in the DSCC

See the log(5dsconf) man page for details on the perm log property.

Monitoring and Managing Persistent Searches

You can now monitor the number of persistent searches that are running on the server, and set a maximum number of persistent searches. To monitor the number of persistent searches, view the value for the currentpsearches attribute, which is stored under cn=monitor. To set a maximum number of persistent searches, use the command dsconf set-server-prop max-psearch-count:number. This feature is useful for troubleshooting and preventing performance issues related to persistent searches.

Where to Go From Here

To read more about the features presented in this chapter, refer to the following documentation.



Defining your Directory Server performance requirements 

Defining Performance Requirements in Sun Java System Directory Server Enterprise Edition 6.0 Deployment Planning Guide

Introduction to caches and how Directory Server uses them 

Caches and How Directory Server Uses Them in Sun Java System Directory Server Enterprise Edition 6.0 Reference

Tuning cache settings for better performance 

Tuning Cache Settings in Sun Java System Directory Server Enterprise Edition 6.0 Reference

Introduction to Directory Server logging 

Chapter 7, Directory Server Logging, in Sun Java System Directory Server Enterprise Edition 6.0 Reference

Managing Directory Server logs 

Chapter 14, Directory Server Logging, in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide

For a hands-on demonstration of the features described in this chapter, use the scripts provided with the Evaluation Kit. The following table lists the scripts available to demonstrate each feature.


Evaluation Script

Forcing immediate log file rotation

Configuring log file permissions