Chapter 4
Tuning the Sun ONE Portal Server

This chapter describes the configuration parameters for optimizing the performance and capacity of the Sun™ ONE Portal Server. The perftune script (in portal-server-install-root/SUNWps/bin directory), bundled with Sun ONE Portal Server, automates most of the tuning process discussed in this chapter.

---

Introduction

The perftune script:

Tunes the Solaris™ Operating System Kernel and TCP settings (see Solaris Tuning)
Modifies the following configuration files as part of:
Sun ONE Web Server 6.1 Tuning:
web-server-install-root/SUNWwbsvr/webserver-instance/config/
magnus.conf
web-server-install-root/SUNWwbsvr/webserver-instance/config/
web-apps.xml
web-server-install-root/SUNWwbsvr/webserver-instance/config/
server.xml
web-server-install-root/SUNWwbsvr/https-admserv/start-jvm
Sun ONE Directory Server Tuning:
/var/opt/mps/serverroot/slapd-hostname/config/dse.ldif
Sun ONE Identity Server Tuning:
directory-server-install-root/SUNWam/config/ums/serverconfig.xml
directory-server-install-root/SUNWam/lib/AMConfig.properties
Sun ONE Portal Server Desktop Tuning
/etc/opt/SUNWps/desktop/desktopconfig.properties
Modifies properties of the Sun ONE Portal Server Desktop service and Sun™ ONE Identity Server authentication service.

---

Tuning Strategies

When you run the perftune script, performance tuning options for two typical usage scenarios, called Production Optimum and Production Large, is offered. These scenarios are defined to address the majority of Sun ONE Portal Server usage patterns. These deployment scenarios are characterized by the following:

Production Optimum:
Higher level of concurrent user requests
Small number of connected users (few hundreds per instance)
CPU bound
Most important Java™ Virtual Machine (JVM™) performance factors are throughput and promptness
Predominance of short-lived objects life time distribution
Production Large:
Lower level of concurrent user requests
Large number of connected users (couple thousands per instance)
Memory bound
Most important JVM performance factor is JVM memory capacity
Predominance of long-lived objects life time distribution

For example, during peak hours in a business to enterprise portal, a significant number of the company’s employees connect to the portal at the same time in a production large environment.

---

Memory Allocation

The larger amount of memory to allocate per JVM is determined by two parameters:

Maximum size of physical memory per CPU. On E45* class of machines it is about 1 GB
Recommended number of instances per CPU for performance and scalability is still 1:1 (one instance per CPU) for Sun ONE Portal Server for optimum performance. For production large, the ratio is rather 1:2 (one instance per 2 CPUs) which allows a maximum JVM heap size of 2 GB.

The JVM performance matrix driving the tuning effort looks at the throughput, footprint, and promptness as defined below. The second, third, and fourth columns show the level of performance in the areas of throughput, footprint, and promptness for production optimum and production large environments respectively.

	throughput	footprint	promptness
production optimum	high	less critical	high
production large	less critical	low	less critical

Here:

throughput refers to the time not spent in GC
footprint refers to a working set of process
promptness refers to the time between when a object becomes dead and when memory it occupies becomes available

---

Tuning Instructions

When you run the perftune script, you can specify whether or not to execute the following tuning recommendation. Review the recommendations carefully and use the perftune script to execute these recommended modifications.

To run the perftune script:

Log in to the machine and become super user.

You need root access to run this script.

Change directories to portal-server-install-root/SUNWps/bin.
Enter:

./perftune.

The perftune script performs start and stop operation of servers during tuning process. It creates backup copies of modified files in filename-orig-date-pid format. Reboot the system after running the script to take effect tuning changes.

Solaris Tuning

Kernel Tuning

To the /etc/system file, the script appends the following setters:

File Descriptor Limits - Number of open files limits
set rlim_fd_max=16384
set rlim_fd_cur=16384
Stream queue Size - The depth of the syncq (number of messages) before a destination streams queue generates a QFULL
set sq_max_size=0
TCP Connection Hash Size (<= file descriptors)
set tcp:tcp_conn_hash_size=8192

TCP Parameters Tuning

Changes to TCP parameters (shown within parenthesis) in /dev/tcp include:

TCP Time Wait Interval (tcp_time_wait_interval) - The amount of time a TCP socket will remain in the TIME_WAIT state (after the connection is closed) is set to 60000
TCP Fin Wait 2 Interval (tcp_fin_wait_2_flush_interval) - The amount of time a TCP socket will remain in the FIN_WAIT_2 state (after the connection is closed) is set to 60000
TCP Maximum Connection Size (tcp_conn_req_max_q) - The maximum number of fully established connection is set to 8192
TCP List Queue (tcp_conn_req_max_q0) - The size of the queue containing unestablished connections is set to 8192
TCP Packet Drop Time (tcp_ip_abort_interval) - The amount of time before a packet is dropped is set to 60000
TCP Keep Alive Interval (tcp_keepalive_interval) - This is set to 90000
TCP Maximum Retransmit Interval (tcp_rexmit_interval_max) - This is set to 6000
TCP Minimum Retransmit Interval (tcp_rexmit_interval_min) - This is set to 3000
TCP Initial Retransmit Interval (tcp_rexmit_interval_initial) - This is set to 500
TCP Smallest Anonymous Port (tcp_smallest_anon_port) - This is set to 1024
TCP Initial Packets for Slow Start Algorithm (tcp_slow_start_initial) - This is set to 2
TCP Transmit/Receive Buffer Size Limit (tcp_xmit_hiwat and tcp_recv_hiwat) - These are set to 32768 each

In order to execute the ndd commands automatically when the system is rebooted, the perftune script copies the S99ndds_tcp file into /etc/rc2.d/ directory.

Sun ONE Identity Server Tuning

Directory Server Connection Pool

Changes made to the portal-server-install-root/SUNWam/config/ums/serverconfig.xml file are as follows:

Increases the minimum connection pool size to 10
Increases the maximum connection pool size to 90

LDAP Authentication Service

Updates LDAP connection pools default size (min:max) to 10:90

LDAP Authentication

Specifies DN to Start User Search to ou=people,o=<organization>,o=isp
Specifies Search Scope to OBJECT

Sun ONE Identity Server Services Configuration Parameters

Changes are made to the portal-server-install-root/SUNWam/lib/AMConfig.properties file as follows:

Specifies com.iplanet.am.logstatus to INACTIVE
Increases com.iplanet.am.session.maxSession (default 50000) if expected number of concurrent sessions exceeds this value
Disables com.iplanet.am.session.httpSession.enabled

The following threadpool properties in the /opt/SUNWam/lib/AMConfig.properties file are exposed in Sun ONE Portal Server 6.2:

com.iplanet.am.notification.threadpool.threshold. This property indicates the maximum size of the task queue in the thread pool. The thread pool will reject further requests if the number of unprocessed tasks in the queue exceeds that threshold value. This number depends on the system memory resource. Each task requires about 3k. You should decide how many tasks can be queued given the size of thread pool. A task is queued only when no thread in the pool is available.

The default value is set at 100. This might be high for your particular usage, and can be adjusted. For example use a value of 40 for a 4-CPU Ultra Sparc II or III machine.

com.iplanet.am.notification.threadpool.size. This parameter allows reliable authentication for Sun ONE Portal Server on Sun™ ONE Application Server under a heavy load. The default value is 10 but can be changed. For example, a value of 50 should be used for a 4-CPU Ultra Sparc II or III machine.

Sun ONE Directory Server Tuning

If the Sun™ ONE Directory Server is shared by other applications, you may need to verify that those parameters are not conflicting with the other application’s parameters tuning.

Enough virtual memory space must be provisioned for /tmp/slapd-DSinstance1 and the total amount of used memory, including the allocated for database caching, should not exceed the size of physical memory to avoid paging. In any events, the cumulative values of nsslapd-dbcachesize + nsslapd-cachememsize + fixed memory used for slapd process itself cannot exceed the 4 GB of process address space. Nslapd is a 32-bit application.

With regard to the sizing of resources pooling (connections and threads), Sun ONE Directory Server provides best performance with a concurrency level of around 15 for search type of operations.

The perftune script tunes ns-slapd threading, db cache and database file system mapping in the /var/opt/mps/serverroot/slapd-hostname/config/dse.ldif file as follows:

Under dn: cn=config LDAP entry:
Adds the line nsslapd-threadnumber to nThreads. In most cases, default value (30) should be fine unless a fair amount of profile changes (LDAP writes) is expected, in which case, the script applies the following formula:

    nThreads = 30 for 1 CPU, nThreads = 45 for 2 CPUs, nThreads = 60 for 3 CPUs, nThreads = 90 for 4 CPUs.

Specifies nsslapd-accesslog-logging-enabled to off to disable access log
Under dn: cn=config,cn=ldbm database,cn=plugins,cn=config LDAP entry:
Adds the line nsslapd-db-home-directory to /tmp/slapd-dsame1
Changes the line nsslapd-maxthreadsperconn to 20
Modifies the line nsslapd-dbcachesize to newSize where newSize = 1.2 * size of all db3 files located under /var/opt/mps/serverroot/slapd-hostname/db/userRoot.
Under dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config LDAP entry, modifies the line nsslapd-cachememsize to newSize where newSize = 3 * the size of id2entry.db3.

Note	If you are tuning the Sun ONE Directory Server manually, you need to stop the Sun ONE Directory Server before tuning these parameters.

Sun ONE Web Server 6.1 Tuning

The following describe the JVM Tuning offered by the perftune script to help tune Sun™ ONE Web Server for Sun ONE Portal Server performance in the Production Optimum and Production Large environments.

For Production Optimum

Heap size

Heap size is the most significant option that needs attention. Consult the Sun ONE Web Server tuning guide for details on these parameters. The perftune script:

Specifies the following in magnus.conf located at web-server-install-root/SUNWwbsvr/https-hostname/config
RqThrottle 256
StackSize 393216
ThreadIncrement 20
ConnQueueSize 20000
Specifies the following (modifications shown in bold) in web-apps.xml file located at web-server-install-root//https-/hostname//config. That is, it:
Defines the following session manager above the web-app tags:

    <session-manager class="com.iplanet.server.http.session.IWSSessionManager>

      <init-param>

        <param-name>maxSessions</param-name>

        <param-value>50000</param-value>

      </init-param>

      <init-param>

        <param-name>timeOut</param-name>

        <param-value>360</param-value>

      </init-param>

      <init-param>

        <param-name>reapInterval</param-name>

        <param-value>180</param-value>

      </init-param>

    </session-manager>

Increases maxSession (default 50000) if expected number of concurrent sessions exceeds this value.
Defines the classes reload interval to 5 minutes (default 30 seconds)

    <class-loader classpath="[...]" delegate="false" reload-interval="300"/>

Specifies the following in server.xml file at web-server-install-root//https-/hostname//config for JVM Tuning
jvm.minHeapSize=1073741824
jvm.maxHeapSize=1073741824
jvm.option=-Xrs
jvm.option=-server
jvm.option=-XX:MaxPermSize=128M
jvm.option=-XX:PermSize=128M
jvm.option=-XX:+OverrideDefaultLibthread
jvm.option=-XX:MaxNewSize=256M
jvm.option=-XX:NewSize=256M
Specifies the following in start-jvm file for alternate T2 libthread

   NSES_JRE_RUNTIME_LIBPATH=/usr/lib/lwp:${NSES_JRE}/lib/sparc/server:${NSES_ JRE}/lib/sparc:${NSES_JRE}/lib/sparc/classic:${NSES_JRE}/lib/sparc/native_ threads;export NSES_JRE_RUNTIME_LIBPATH

For Production Large

Specifies the following in magnus.conf located at web-server-install-root/SUNWwbsvr/https-hostname/config
RqThrottle 256
StackSize 131072
Specifies the following in web-apps.xml file located at web-server-install-root//https-/hostname//config.
Defines the session manager as follows above the web-app tags.:

    <session-manager class="com.iplanet.server.http.session.IWSSessionManager>

      <init-param>

        <param-name>maxSessions</param-name>

        <param-value>50000</param-value>

      </init-param>

      <init-param>

        <param-name>timeOut</param-name>

        <param-value>360</param-value>

      </init-param>

      <init-param>

        <param-name>reapInterval</param-name>

        <param-value>180</param-value>

      </init-param>

    </session-manager>

Increases maxSession (default 50000) if expected number of concurrent sessions exceeds this value.
Specifies the following in server.xml file at web-server-install-root//https-/hostname//config for JVM Tuning

  jvm.minHeapSize=1073741824

  jvm.maxHeapSize=2147483648

  jvm.option=-Xrs

  jvm.option=-server

  jvm.option=-XincGC

  jvm.option=-XX:+UseLWPSynchronization

  jvm.option=-XX:MaxPermSize=128M

  jvm.option=-XX:PermSize=128M

  jvm.option=-XX:+OverrideDefaultLibthread

  jvm.option=-XX:MaxNewSize=256M

  jvm.option=-XX:NewSize=256M

Specifies the following in start-jvm file for alternate T2 libthread

   NSES_JRE_RUNTIME_LIBPATH=/usr/lib/lwp:${NSES_JRE}/lib/sparc/server:${NSES_ JRE}/lib/sparc:${NSES_JRE}/lib/sparc/classic:${NSES_JRE}/lib/sparc/native_ threads;export NSES_JRE_RUNTIME_LIBPATH

Note	JVM Memory Heap size is 1 GB minimum and 2 GB maximum. Young generation is proportionally smaller than for optimum production so that more space is available for connected users. Incremental (or Train) GC is more suitable to large production because GC speed is less of a concern than long pauses due to the potential large size of the old generation.

Note	If you have deployed the Sun ONE Portal Server on an application server web container, the setup script changes the JVM maximum heapsize and minimum heapsize to 128 MB for the application server instance on which the Sun ONE Portal Server is installed. To use a different minimum and maximum JVM heap size, go into the Application Server’s administration console and set the minimum and maximum JVM heap size values of your choice

Sun ONE Application Server 7.0 Tuning

When deploying the Sun ONE Portal Server on the Sun ONE Application Server, the minimum and maximum heap size for the application server instance is set.

The recommended JVM options for Sun ONE Application Server 7.0 are as follows for both JDK 1.4.1_01 and 1.4.2.

If the machine for the server can accommodate only 4 GB of physical memory, then the value -Xms2048M can be used instead of -Xms3072M; with only 4 GB of the physical memory, the JVM will not start if -Xms3072M is set. These JVM options should override the JVM options set by the perftune script.

The full set of JVM parameters includes:

-Xms3072M
-Xmx3072M
-XX:NewSize=256M
-XX:MaxNewSize=256M
-XX:PermSize=256M
-XX:MaxPermSize=256M
-XX:SurvivorRatio=128
-XX:SoftRefLRUPolicyMSPerMB=0
-XX:MaxTenuringThreshold=1
-XX:+UseParNewGC
-XX:+UseConcMarkSweepGC
-XX:+DisableExplicitGC
-XX:+OverrideDefaultLibthread

Setting Additional Sun ONE Application Server Parameters for Gateway Reliability

To achieve optimal performance using Secure Remote Access, configure your implementation as follows:

Modify the identity-server-install-root/SUNWam/lib/configAmConfig.properties file to set the notification threadpool size for the application server. At the top of the file just below the following lines:

Sun, Sun Microsystems, the Sun logo, and iPlanet * are trademarks or registered trademarks of Sun Microsystems, * Inc. in the United States and other countries.

add the following lines to set the threadpool size to 200:

/*Notification Thread Pool Size*/ com.iplanet.am.notification.threadpool.size=200

Log into the Portal Server administration console with the user name amadmin and the passphrase you entered during the installation.
Select Service Management in the View menu.
Select SRA Configuration and then Gateway.
Select the default server and click Edit.
Check the Enable HTTP Connections checkbox.
In the HTTP Port field, type 80 and click Save.
Log in to the Sun ONE Application Server administration console as administrator (admin) by entering http://fullservername:port in your browser’s web address field. The default port is 4848. Use the password you entered at installation.
Select the application server instance where you installed the Identity Server.
Click JVM Settings and then JVM Options.
In the JVM Option field, enter the following string:

-Dhttp.keepAlive=false

Click Add and then Save.
Select the application server instance on which you will install Portal Server.

The right pane shows that the configuration has changed.

Click Apply Changes.
Click Restart.
The application server should automatically restart.
On the server where the gateway is installed, go to the /opt/SUNWps/bin/perf directory and enter the following to run a script that will set tuning parameters for Secure Remote Access:

./srapperftune

Modify the identity-server-install-root/SUNWam/lib/configAmConfig.properties file to set the notification threadpool size for the gateway. At the top of the file just below the following lines:

Sun, Sun Microsystems, the Sun logo, and iPlanet * are trademarks or registered trademarks of Sun Microsystems, * Inc. in the United States and other countries.

add the following lines to set the threadpool size to 200:

/*Notification Thread Pool Size*/ com.iplanet.am.notification.threadpool.size=200

Go to the /opt/SUNWps/bin directory and modify the gateway file to set the -Dhttp.keepAlive option to false and to increase the settings for the -Xms and -Xmx heap size options.

By default, the srapperftune script sets the -Xms and -Xmx heap size options to 1024. In the line defining the CMD settings options, increase the default values defined for -Xms and -Xmx options to 2048 and add the string -Dhttp.keepAlive=false. For example, the correct lines would be:

CMD="$JAVA_HOME/bin/java -server -Xms2048M -Xmx2048M -XX:+OverrideDefaultLibthread -XX:ThreadStackSize=128 -XX:MaxPermSize=128M -XX:PermSize=128M -XX:MaxNewSize=256M -XX:NewSize=256M -Dhttp.keepAlive=false -classpath ${CLASSPATH} $DEFINES $PROXY_DEFINES $INSTANCE_DEFINES com.sun.portal.netlet.eproxy.EProxy"

Modify the /etc/opt/SUNWps/platform.conf.default file to set the gateway.protocol parameter to http and the gateway.port parameter to port 80 as follows:

gateway.protocol=http

gateway.port=80

Restart the gateway for the changes to take effect by typing the following command:

portal-server-install-root/SUNWps/bin/gateway -n default start

where default is the default gateway profile created during installation.

Sun ONE Portal Server Desktop Tuning

For Production Optimum

For optimizing the Desktop Sessions, it disables Enable XML Parsing Validation

Desktop sessions are different and disjoint from Sun ONE Identity Server SSOToken sessions. If a Desktop session times out before the Sun ONE Identity Server session expires, the Desktop transparently rebuilds the Desktop session when it is queried. Decreasing Desktop sessions idle time-out helps reclaiming memory used by session objects assuming production optimum is characterized by short-lived user sessions.

The caller parameters are used to size the thread pool to render content through the providers. The caller pool is initialized to size 0. Items are added to to the pool as they are used and returned. The caller pool can expand to a very large size, however, in the normal case it will only be as big as the number of channels on the user’s Desktop. In cases where there are multiple concurrent threads with the same sid, the pool may expand to an size that is n * m, where n = the number of concurrent same-sid threads and m = the number of channels on the Portal Desktop for the given sid.

The perftune script changes the following parameters for optimizing Provider Caller Resource Pooling, in the /etc/opt/SUNWps/desktop/desktopconfig.properties file:

Increases callerPoolMinSize to 128
Increases callerPoolMaxSize to 512
Increases callerPoolPartitionSize to 16
Increases templateScanInterval to 3600

For Production Large

The caller parameters are used to size the thread pool to render content through the providers. The caller pool is initialized to size 0. Items are added to the pool as they are used and returned. The caller pool can expand to a very large size, however, in the normal case it will only be as big as the number of channels on the user’s Portal Desktop. In cases where there are multiple concurrent threads with the same sid, the pool may expand to an size that is n * m, where n = the number of concurrent same-sid threads and m = the number of channels on the Portal Desktop for the given sid.

The perftune script changes the following parameters for optimizing the Provider Caller Resource Pooling, in the /etc/opt/SUNWps/desktop/desktopconfig.properties file:

Increases callerPoolMinSize to 128
Increases callerPoolMaxSize to 512
Increases callerPoolPartitionSize to 16
Increases templateScanInterval to 3600

To minimize unnecessary memory growth due to spawning of Portal Desktop caller threads when performing long-run tests, these properties (except for templateScanInterval) should be changed back to their original default values.

Make the following changes to these properties:

Change callerPoolMinSize back to 0
Change callerPoolMaxSize back to 0
Change callerPoolPartitionSize back to 0
Increase the templateScanInterval property from 30 to 3600

Previous      Contents      Index      Next

---

Copyright 2003 Sun Microsystems, Inc. All rights reserved.