Configuring Server-Side Properties (Sun OpenSSO Enterprise 8.0 Performance Tuning Guide)

Sun OpenSSO Enterprise 8.0 Performance Tuning Guide

Configuring Server-Side Properties

The following two properties do not exist in the OpenSSO Enterprise administration console by default. These properties must be added manually in the advanced properties section of the OpenSSO Enterprise administration console:

com.sun.identity.policy.resultsCacheResourceCap

The default value is 100. This means that a maximum of 100 rules can be cached in subtree mode.

This property should be always equal to the total number of rules configured in the system. Otherwise, when the maximum cache limits are reached for the resource cache, and if a new rule or resource is accessed, then the oldest cached rule and all the sessions cached for that rule will be removed. If you have large number of rules, configure this value to the total number of most frequently accessed rules.

com.sun.identity.policy.resultsCacheSessionCap

The default value is 1000. Total number of policy objects is (100 *1000) or 100,000 maximum.

The resourceCap should be always tuned. The SessionCap should be tuned accordingly only when you observer high latency for policy requests or responses, and you observe repeated policy requests from the same policy agent for the same user. This usually does not occur unless the user session stays active for a very long period. The policies are also cached on the policy agent.

If you increase the ResourceCap value correspondingly, you should also reduce the SessionCap value to limit the total number of policy objects cached, and to maintain unchanged the maximum number of sessions supported on the server. The following table illustrates how the policy cache configuration effects the number of sessions supported. The SDK cache size is set to 10,000 for all of the tests. If the SDK cache is increased, the maximum number of sessions will be reduced accordingly.

Table 3–1 Policy Session Cache Configuration and Number of Sessions Supported


Policy Session Cache Configuration	Maximum Number of Sessions Supported
1000 (100 * 1000 = 100,000 policy decision objects)	200,000
2000 (100 * 2000 = 200,000 policy decision objects)	150,000
3000 (100 * 3000 = 300,000 policy decision objects)	90,000
4000 (100 * 4000 = 400,000 policy decision objects)	40,000