Sun ONE Portal Server 6.2 Installation Guide |
Chapter 4
Tuning the Sun ONE Portal ServerThis chapter describes the configuration parameters for optimizing the performance and capacity of the Sun ONE Portal Server. The perftune script (in portal-server-install-root/SUNWps/bin directory), bundled with Sun ONE Portal Server, automates most of the tuning process discussed in this chapter.
IntroductionThe perftune script:
- Tunes the Solaris Operating System Kernel and TCP settings (see Solaris Tuning)
- Modifies the following configuration files as part of:
- Modifies properties of the Sun ONE Portal Server Desktop service and Sun ONE Identity Server authentication service.
Tuning StrategiesWhen you run the perftune script, performance tuning options for two typical usage scenarios, called Production Optimum and Production Large, is offered. These scenarios are defined to address the majority of Sun ONE Portal Server usage patterns. These deployment scenarios are characterized by the following:
For example, during peak hours in a business to enterprise portal, a significant number of the company’s employees connect to the portal at the same time in a production large environment.
Memory AllocationThe larger amount of memory to allocate per JVM is determined by two parameters:
- Maximum size of physical memory per CPU. On E45* class of machines it is about 1 GB
- Recommended number of instances per CPU for performance and scalability is still 1:1 (one instance per CPU) for Sun ONE Portal Server for optimum performance. For production large, the ratio is rather 1:2 (one instance per 2 CPUs) which allows a maximum JVM heap size of 2 GB.
The JVM performance matrix driving the tuning effort looks at the throughput, footprint, and promptness as defined below. The second, third, and fourth columns show the level of performance in the areas of throughput, footprint, and promptness for production optimum and production large environments respectively.
throughput
footprint
promptness
production optimum
high
less critical
high
production large
less critical
low
less critical
Here:
Tuning InstructionsWhen you run the perftune script, you can specify whether or not to execute the following tuning recommendation. Review the recommendations carefully and use the perftune script to execute these recommended modifications.
To run the perftune script:
The perftune script performs start and stop operation of servers during tuning process. It creates backup copies of modified files in filename-orig-date-pid format. Reboot the system after running the script to take effect tuning changes.
Solaris Tuning
Kernel Tuning
To the /etc/system file, the script appends the following setters:
TCP Parameters Tuning
Changes to TCP parameters (shown within parenthesis) in /dev/tcp include:
- TCP Time Wait Interval (tcp_time_wait_interval) - The amount of time a TCP socket will remain in the TIME_WAIT state (after the connection is closed) is set to 60000
- TCP Fin Wait 2 Interval (tcp_fin_wait_2_flush_interval) - The amount of time a TCP socket will remain in the FIN_WAIT_2 state (after the connection is closed) is set to 60000
- TCP Maximum Connection Size (tcp_conn_req_max_q) - The maximum number of fully established connection is set to 8192
- TCP List Queue (tcp_conn_req_max_q0) - The size of the queue containing unestablished connections is set to 8192
- TCP Packet Drop Time (tcp_ip_abort_interval) - The amount of time before a packet is dropped is set to 60000
- TCP Keep Alive Interval (tcp_keepalive_interval) - This is set to 90000
- TCP Maximum Retransmit Interval (tcp_rexmit_interval_max) - This is set to 6000
- TCP Minimum Retransmit Interval (tcp_rexmit_interval_min) - This is set to 3000
- TCP Initial Retransmit Interval (tcp_rexmit_interval_initial) - This is set to 500
- TCP Smallest Anonymous Port (tcp_smallest_anon_port) - This is set to 1024
- TCP Initial Packets for Slow Start Algorithm (tcp_slow_start_initial) - This is set to 2
- TCP Transmit/Receive Buffer Size Limit (tcp_xmit_hiwat and tcp_recv_hiwat) - These are set to 32768 each
In order to execute the ndd commands automatically when the system is rebooted, the perftune script copies the S99ndds_tcp file into /etc/rc2.d/ directory.
Sun ONE Identity Server Tuning
Directory Server Connection Pool
Changes made to the portal-server-install-root/SUNWam/config/ums/serverconfig.xml file are as follows:
LDAP Authentication Service
LDAP Authentication
Sun ONE Identity Server Services Configuration Parameters
Changes are made to the portal-server-install-root/SUNWam/lib/AMConfig.properties file as follows:
The following threadpool properties in the /opt/SUNWam/lib/AMConfig.properties file are exposed in Sun ONE Portal Server 6.2:
- com.iplanet.am.notification.threadpool.threshold. This property indicates the maximum size of the task queue in the thread pool. The thread pool will reject further requests if the number of unprocessed tasks in the queue exceeds that threshold value. This number depends on the system memory resource. Each task requires about 3k. You should decide how many tasks can be queued given the size of thread pool. A task is queued only when no thread in the pool is available.
Sun ONE Directory Server Tuning
If the Sun ONE Directory Server is shared by other applications, you may need to verify that those parameters are not conflicting with the other application’s parameters tuning.
Enough virtual memory space must be provisioned for /tmp/slapd-DSinstance1 and the total amount of used memory, including the allocated for database caching, should not exceed the size of physical memory to avoid paging. In any events, the cumulative values of nsslapd-dbcachesize + nsslapd-cachememsize + fixed memory used for slapd process itself cannot exceed the 4 GB of process address space. Nslapd is a 32-bit application.
With regard to the sizing of resources pooling (connections and threads), Sun ONE Directory Server provides best performance with a concurrency level of around 15 for search type of operations.
The perftune script tunes ns-slapd threading, db cache and database file system mapping in the /var/opt/mps/serverroot/slapd-hostname/config/dse.ldif file as follows:
- Under dn: cn=config LDAP entry:
- Adds the line nsslapd-threadnumber to nThreads. In most cases, default value (30) should be fine unless a fair amount of profile changes (LDAP writes) is expected, in which case, the script applies the following formula:
nThreads = 30 for 1 CPU, nThreads = 45 for 2 CPUs, nThreads = 60 for 3 CPUs, nThreads = 90 for 4 CPUs.
- Specifies nsslapd-accesslog-logging-enabled to off to disable access log
- Under dn: cn=config,cn=ldbm database,cn=plugins,cn=config LDAP entry:
- Under dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config LDAP entry, modifies the line nsslapd-cachememsize to newSize where newSize = 3 * the size of id2entry.db3.
Sun ONE Web Server 6.1 Tuning
The following describe the JVM Tuning offered by the perftune script to help tune Sun ONE Web Server for Sun ONE Portal Server performance in the Production Optimum and Production Large environments.
For Production Optimum
Heap size
Heap size is the most significant option that needs attention. Consult the Sun ONE Web Server tuning guide for details on these parameters. The perftune script:
- Specifies the following in magnus.conf located at web-server-install-root/SUNWwbsvr/https-hostname/config
- Specifies the following (modifications shown in bold) in web-apps.xml file located at web-server-install-root//https-/hostname//config. That is, it:
- Defines the following session manager above the web-app tags:
<session-manager class="com.iplanet.server.http.session.IWSSessionManager>
<init-param>
<param-name>maxSessions</param-name>
<param-value>50000</param-value>
</init-param>
<init-param>
<param-name>timeOut</param-name>
<param-value>360</param-value>
</init-param>
<init-param>
<param-name>reapInterval</param-name>
<param-value>180</param-value>
</init-param>
</session-manager>
- Increases maxSession (default 50000) if expected number of concurrent sessions exceeds this value.
- Defines the classes reload interval to 5 minutes (default 30 seconds)
<class-loader classpath="[...]" delegate="false" reload-interval="300"/>
- Specifies the following in server.xml file at web-server-install-root//https-/hostname//config for JVM Tuning
- Specifies the following in start-jvm file for alternate T2 libthread
NSES_JRE_RUNTIME_LIBPATH=/usr/lib/lwp:${NSES_JRE}/lib/sparc/server:${NSES_ JRE}/lib/sparc:${NSES_JRE}/lib/sparc/classic:${NSES_JRE}/lib/sparc/native_ threads;export NSES_JRE_RUNTIME_LIBPATH
For Production Large
- Specifies the following in magnus.conf located at web-server-install-root/SUNWwbsvr/https-hostname/config
- Specifies the following in web-apps.xml file located at web-server-install-root//https-/hostname//config.
- Defines the session manager as follows above the web-app tags.:
<session-manager class="com.iplanet.server.http.session.IWSSessionManager>
<init-param>
<param-name>maxSessions</param-name>
<param-value>50000</param-value>
</init-param>
<init-param>
<param-name>timeOut</param-name>
<param-value>360</param-value>
</init-param>
<init-param>
<param-name>reapInterval</param-name>
<param-value>180</param-value>
</init-param>
</session-manager>
- Increases maxSession (default 50000) if expected number of concurrent sessions exceeds this value.
- Specifies the following in server.xml file at web-server-install-root//https-/hostname//config for JVM Tuning
jvm.minHeapSize=1073741824
jvm.maxHeapSize=2147483648
jvm.option=-Xrs
jvm.option=-server
jvm.option=-XincGC
jvm.option=-XX:+UseLWPSynchronization
jvm.option=-XX:MaxPermSize=128M
jvm.option=-XX:PermSize=128M
jvm.option=-XX:+OverrideDefaultLibthread
jvm.option=-XX:MaxNewSize=256M
jvm.option=-XX:NewSize=256M
- Specifies the following in start-jvm file for alternate T2 libthread
NSES_JRE_RUNTIME_LIBPATH=/usr/lib/lwp:${NSES_JRE}/lib/sparc/server:${NSES_ JRE}/lib/sparc:${NSES_JRE}/lib/sparc/classic:${NSES_JRE}/lib/sparc/native_ threads;export NSES_JRE_RUNTIME_LIBPATH
Sun ONE Application Server 7.0 Tuning
When deploying the Sun ONE Portal Server on the Sun ONE Application Server, the minimum and maximum heap size for the application server instance is set.
The recommended JVM options for Sun ONE Application Server 7.0 are as follows for both JDK 1.4.1_01 and 1.4.2.
If the machine for the server can accommodate only 4 GB of physical memory, then the value -Xms2048M can be used instead of -Xms3072M; with only 4 GB of the physical memory, the JVM will not start if -Xms3072M is set. These JVM options should override the JVM options set by the perftune script.
The full set of JVM parameters includes:
Setting Additional Sun ONE Application Server Parameters for Gateway Reliability
To achieve optimal performance using Secure Remote Access, configure your implementation as follows:
- Modify the identity-server-install-root/SUNWam/lib/configAmConfig.properties file to set the notification threadpool size for the application server. At the top of the file just below the following lines:
Sun, Sun Microsystems, the Sun logo, and iPlanet
* are trademarks or registered trademarks of Sun Microsystems,
* Inc. in the United States and other countries.
add the following lines to set the threadpool size to 200:
/*Notification Thread Pool Size*/ com.iplanet.am.notification.threadpool.size=200
- Log into the Portal Server administration console with the user name amadmin and the passphrase you entered during the installation.
- Select Service Management in the View menu.
- Select SRA Configuration and then Gateway.
- Select the default server and click Edit.
- Check the Enable HTTP Connections checkbox.
- In the HTTP Port field, type 80 and click Save.
- Log in to the Sun ONE Application Server administration console as administrator (admin) by entering http://fullservername:port in your browser’s web address field. The default port is 4848. Use the password you entered at installation.
- Select the application server instance where you installed the Identity Server.
- Click JVM Settings and then JVM Options.
- In the JVM Option field, enter the following string:
-Dhttp.keepAlive=false
- Click Add and then Save.
- Select the application server instance on which you will install Portal Server.
The right pane shows that the configuration has changed.
- Click Apply Changes.
- Click Restart.
- The application server should automatically restart.
- On the server where the gateway is installed, go to the /opt/SUNWps/bin/perf directory and enter the following to run a script that will set tuning parameters for Secure Remote Access:
./srapperftune
- Modify the identity-server-install-root/SUNWam/lib/configAmConfig.properties file to set the notification threadpool size for the gateway. At the top of the file just below the following lines:
Sun, Sun Microsystems, the Sun logo, and iPlanet
* are trademarks or registered trademarks of Sun Microsystems,
* Inc. in the United States and other countries.
add the following lines to set the threadpool size to 200:
/*Notification Thread Pool Size*/ com.iplanet.am.notification.threadpool.size=200
- Go to the /opt/SUNWps/bin directory and modify the gateway file to set the -Dhttp.keepAlive option to false and to increase the settings for the -Xms and -Xmx heap size options.
By default, the srapperftune script sets the -Xms and -Xmx heap size options to 1024. In the line defining the CMD settings options, increase the default values defined for -Xms and -Xmx options to 2048 and add the string -Dhttp.keepAlive=false. For example, the correct lines would be:
CMD="$JAVA_HOME/bin/java -server -Xms2048M -Xmx2048M -XX:+OverrideDefaultLibthread -XX:ThreadStackSize=128 -XX:MaxPermSize=128M -XX:PermSize=128M -XX:MaxNewSize=256M -XX:NewSize=256M -Dhttp.keepAlive=false -classpath ${CLASSPATH} $DEFINES $PROXY_DEFINES $INSTANCE_DEFINES com.sun.portal.netlet.eproxy.EProxy"
- Modify the /etc/opt/SUNWps/platform.conf.default file to set the gateway.protocol parameter to http and the gateway.port parameter to port 80 as follows:
gateway.protocol=http
gateway.port=80
- Restart the gateway for the changes to take effect by typing the following command:
portal-server-install-root/SUNWps/bin/gateway -n default start
- where default is the default gateway profile created during installation.
Sun ONE Portal Server Desktop Tuning
For Production Optimum
Desktop sessions are different and disjoint from Sun ONE Identity Server SSOToken sessions. If a Desktop session times out before the Sun ONE Identity Server session expires, the Desktop transparently rebuilds the Desktop session when it is queried. Decreasing Desktop sessions idle time-out helps reclaiming memory used by session objects assuming production optimum is characterized by short-lived user sessions.
- The caller parameters are used to size the thread pool to render content through the providers. The caller pool is initialized to size 0. Items are added to to the pool as they are used and returned. The caller pool can expand to a very large size, however, in the normal case it will only be as big as the number of channels on the user’s Desktop. In cases where there are multiple concurrent threads with the same sid, the pool may expand to an size that is n * m, where n = the number of concurrent same-sid threads and m = the number of channels on the Portal Desktop for the given sid.
For Production Large
The caller parameters are used to size the thread pool to render content through the providers. The caller pool is initialized to size 0. Items are added to the pool as they are used and returned. The caller pool can expand to a very large size, however, in the normal case it will only be as big as the number of channels on the user’s Portal Desktop. In cases where there are multiple concurrent threads with the same sid, the pool may expand to an size that is n * m, where n = the number of concurrent same-sid threads and m = the number of channels on the Portal Desktop for the given sid.
The perftune script changes the following parameters for optimizing the Provider Caller Resource Pooling, in the /etc/opt/SUNWps/desktop/desktopconfig.properties file:
To minimize unnecessary memory growth due to spawning of Portal Desktop caller threads when performing long-run tests, these properties (except for templateScanInterval) should be changed back to their original default values.
Make the following changes to these properties: