|
| Sun ONE Directory Proxy server Installation Guide |
Chapter 2 Computer System Requirements
Before you can install Sun ONE Directory Proxy Server, you must make sure that the systems on which you plan to install the software meet the minimum hardware and operating system requirements.
These requirements are described in detail for each platform in the following sections:
Supported Platforms
Directory Proxy Server is supported on the following platforms:
- Sun Solaris 8 or 9 for SPARC (32 bit) operating environment
- Sun Solaris 9 for Intel
- Windows 2000 Server and Advanced Server with Windows 2000 Service Pack 3
- Redhat Linux 7.2
- Sun Linux 5.0
Note For each platform, check the required patches and kernel parameter settings, as described in the sections that follow.
Hardware Requirements
On all platforms, you will need:
- Roughly 300 MB of disk space for a minimal installation.
- 256 MB of RAM.
Operating System Requirements
This section covers the required operating system version, patches, and utilities for each platform.
Solaris Environment
If you plan to run Directory Proxy Server on a Solaris environment, you must ensure that the recommended patch cluster is installed. Solaris patches are identified by two numbers, for example, 106125-10. The first number (106125) identifies the patch itself. The second number identifies the version of the patch, in the example above the patch is version number 10. We recommend installing the latest version of the patch in order to benefit from the latest fixes.
For advice on guarding against potential security threats, see the Solaris Operating Environment Security Sun Blueprint at this site: http://www.sun.com/blueprints/0100/security.pdf
Required System Modules
Directory Proxy Server is optimized for systems with the UltraSPARC chipsets.
Use of Solaris 8 or 9 with the Sun recommended patches is required. See Verify System Tuning for procedures for ensuring all required patches are present.
This release of Sun ONE Directory Server is supported on Solaris x86 for Solaris 9 only.
This release of Sun ONE Directory Server is not supported on Solaris 2.5.1 or earlier, Solaris 2.6, or Solaris 7.
Verify System Tuning
Deployment of a service based on Sun ONE directory products will require system tuning to achieve optimal performance. Basic Solaris tuning guidelines are available from several books, including Sun Performance and Tuning: Java and the Internet (ISBN 0-13-095249-4). Advanced tuning information is available in the Solaris Tunable Parameters Reference Manual (806-4015).
The program idsktune, which is available in your installation in the unpacked package directory, analyzes the Solaris kernel tuning parameters and reports any changes that should be made to improve performance. This program does not modify the system.
File Descriptors
The system-wide maximum file descriptor table size setting will limit the number of concurrent connections that can be established to Directory Proxy Server. The governing parameter, rlim_fd_max, is set in the /etc/system file. By default if this parameter is not present the maximum is 1024. It can be raised to 4096 by adding to /etc/system a line
set rlim_fd_max=4096
and rebooting the system. This parameter should not be raised above 4096 without first consulting your Sun Solaris support representative as it may affect the stability of the system.
TCP Tuning
The TCP/IP implementation in a Solaris kernel is by default not correctly tuned for Internet or Intranet services. The following /dev/tcp tuning parameters should be inspected, and if necessary changed to fit the network topology of the installation environment.
The tcp_time_wait_interval in Solaris 8 specifies the number of milliseconds that a TCP connection will be held in the kernel's table after it has been closed. If its value is above 30000 (30 seconds) and the directory is being used in a LAN, MAN or under a single network administration, it should be reduced by adding a line similar to the following to the
/etc/init.d/inetinit file:ndd -set /dev/tcp tcp_close_wait_interval 30000
The tcp_conn_req_max_q0 and tcp_conn_req_max_q parameters control the maximum backlog of connections that the kernel will accept on behalf of the Directory Proxy Server process. If the directory is expected to be used by a large number of client hosts simultaneously, these values should be raised to at least 1024 by adding a line similar to the following to the /etc/init.d/inetinit file:
ndd -set /dev/tcp tcp_conn_req_max_q0 1024
ndd -set /dev/tcp tcp_conn_req_max_q 1024The tcp_keepalive_interval specifies the interval in seconds between keepalive packets sent by Solaris for each open TCP connection. This can be used to remove connections to clients that have become disconnected from the network. The Specify timeout option on the Directory Proxy Server console configuration screen, with a value in seconds, can also be used for this purpose, as it will time out idle connections.
The tcp_rexmit_interval_initial value should be inspected when performing server performance testing on a LAN or high speed MAN or WAN. For operations on the wide area Internet, its value need not be changed.
The tcp_smallest_anon_port controls the number of simultaneous connections that can be made to the server. When rlim_fd_max has been increased to above 4096, this value should be decreased, by adding a line similar to the following to the /etc/init.d/inetinit file:
ndd -set /dev/tcp tcp_smallest_anon_port 8192
The tcp_slow_start_initial parameter should be inspected if clients will predominately be using the Windows TCP/IP stack.
The tcp_ip_abort_cinterval controls how long in milliseconds Directory Proxy Server should wait for an LDAP server to respond when establishing a new connection. This value should normally be reduced by adding a line similar to the following to the /etc/init.d/inetinit file:
ndd -set /dev/tcp tcp_ip_abort_cinterval 10000
In some environments, it may also be necessary to change the tcp_ip_abort_interval and tcp_strong_iss tuning parameters.
Windows Environment
This section describes how to prepare your system for installation of Directory Proxy Server on Windows environments.
Privileges
Log on as a user with Administrator privileges.
TEMP Environment
Set the TEMP environment variable to a valid folder for temporary files.
Display Driver
Ensure the display driver supports at least 256 colors.
Obtaining Patches
Unless you plan to install the Solaris packaged version of the product, ensure required patches are installed at this point. Table 2-1 suggests where to look for required patches.
Table 2-1 Where to Obtain Patches, By Platform
Platform
Browse...
Sun Solaris™ Operating Environment
Microsoft Windows
Red Hat Linux
Linux from Sun