The Sun JavaTM System Access Manager 7 2005Q4 tuning scripts allow you to tune Access Manager and other components of your deployment, including Sun Java System Directory Server, the web container running Access Manager, and the SolarisTM Operating System (OS) kernel.
This chapter includes the following topics:
It is highly recommended that you apply the latest Access Manager 7 2005Q4 patch, available for both Solaris SPARC and Solaris x86 systems. You can request this patch from your Sun Microsystems technical representative.
The Access Manager 7 2005Q4 patch resets the LDAP connection values in the /etc/opt/SUNWam/config/serverconfig.xml file to their default values. Therefore, be sure to apply this patch before you run the amtune-identity script.
The Access Manager tuning scripts are non-interactive. To run a script, you first edit the parameters in the amtune-env configuration file to specify the tuning options you want to set for your specific environment. Then, you run either the amtune script, which calls other scripts as needed, or a specific script. For example, you might run only the amtune-identity script to tune only Access Manager.
The Access Manager tuning scripts and the amtune-env configuration file are installed in the following directory, depending on your platform:
AccessManager-base is the Access Manager 7 2005Q4 base installation directory. The default base installation directory is /opt on Solaris systems and /opt/sun on Linux systems.
The following table describes the tuning scripts that are available in the Access Manager 7 2005Q4 release.
Table 2–1 Access Manager Tuning Scripts
Script |
Description |
---|---|
Wrapper script that calls other scripts based on values in the amtune-env file. |
|
Tunes the installed instance of Access Manager. |
|
amtune-os |
Tunes the Solaris OS kernel and TCP/IP parameters. |
Tunes the Sun Java System Web Server 2005Q4 (6.1) Web container. |
|
Tunes the Sun Java System Application Server Enterprise Edition 8 (8.1) Web container. |
|
Tunes the Sun Java System Application Server 7 Web container. |
|
Generates the amtune-directory script, which you can use to tune the Directory Server that supports Access Manager. For more information, see Chapter 3, Directory Server Tuning. |
The Access Manager tuning scripts can run in the following modes, as determined by the AMTUNE_MODE parameter in the amtune-env file.
REVIEW mode (default). The scripts return tuning recommendations for an Access Manager deployment, but they do not make any actual changes to the environment.
CHANGE mode. The scripts make all of the tuning modifications that are defined in the amtune-env file, except for Directory Server. For more information, see Chapter 3, Directory Server Tuning.
In either mode, the scripts return a list of tuning recommendations to the amtune debug log file and the terminal window. The location of the log file is determined by the com.iplanet.services.debug.directory parameter in the AMConfig.properties file. The default debug directory depends on your platform:
Solaris systems: /var/opt/SUNWam/debug
Linux systems: /var/opt/sun/identity/debug
Tuning is an iterative process that can vary for different deployments. The Access Manager tuning scripts try to apply the optimal tuning parameter settings. However, each deployment is unique and might require further customization to suit specific requirements.
Therefore, use CHANGE mode only after you have reviewed and understand the tuning changes that will be applied to your deployment.
To run a tuning script, use the following syntax:
amtune-script admin_password dirmanager_password [ as8_admin_password ] |
The tuning script parameters are:
amtune-script is one of the tuning scripts: amtune, amtune-identity, amtune-os, amtune-ws61, amtune-as7, amtune-as8, or amtune-prepareDSTuner.
admin_password is the Access Manager Administrator password.
dirmanager_password is the Directory Manager (cn=Directory Manager) password.
as8_admin_password is the Administrator password that is required if you are tuning Application Server (WEB_CONTAINER is set to AS8).
This section describes the basic steps to run an Access Manager Tuning script.
If you have not run the scripts in REVIEW mode, ensure that AMTUNE_MODE is set to REVIEW (default value) in the amtune-env file.
Edit other parameters in the amtune-env file, depending on the components you want to tune:
Access Manager amtune-env file parameters
Installation environment tuning parameters
Application Server 8 Tuning Parameters (if Application Server 8 is the web container)
To tune the Directory Server that supports Access Manager, see Chapter 3, Directory Server Tuning.
In REVIEW mode, run either the amtune script or one of the component scripts.
Review the tuning recommendations in the debug log file. If needed, make changes to the amtune-env file based on this run.
If you are satisfied with the tuning recommendations from the REVIEW mode run, set AMTUNE_MODE to CHANGE in the amtune-env file.
In CHANGE mode, run either the amtune script or one of the component scripts. For example, to tune the Solaris OS, run amtune-os, as follows:
# ./amtune-os admin_password dirmanager_password |
Check the debug log file for the results of the run.
In CHANGE mode, the amtune script might need to restart the Web container and Access Manager. In some instances, amtune might also recommend a system restart.
The amtune-env file contains the following parameters to define the tuning options for an Access Manager deployment:
Access Manager tuning parameters
Installation environment tuning parameters
Application Server 8 tuning parameters
For a description of the Directory Server parameters, see Chapter 3, Directory Server Tuning.
The following table describes the specific parameters for tuning Access Manager.
Table 2–2 Access Manager Tuning Parameters
Parameter |
Description |
---|---|
Sets the tuning mode to one of the following:
Default: REVIEW |
|
Tunes the Solaris OS kernel and TCP/IP settings. Default: true |
|
Generates a script to tune the Directory Server that supports Access Manager. Default: true |
|
Tunes the Access Manager web container, which can be either Web Server or Application Server. Default: true |
|
Tunes the installed instance of Access Manager. Default: true |
|
Identifies the prefix for the amtune log file. If this parameter is set, all operations performed by the amtune scripts are logged. The location of the log file is determined by the com.iplanet.services.debug.directory parameter in the AMConfig.properties file. If this parameter is not set, information is not logged, and all output is sent to /dev/null. Default: amtune |
|
Specifies the percent of available memory used by Access Manager. Currently, Access Manager can use a maximum of 4 GB, which is the per process address space limit for 32-bit applications. Access Manager requires a minimum of 256 MB RAM. When you set AMTUNE_PCT_MEMORY_TO_USE to 100, the maximum space allocated for Access Manager is the minimum between 4 GB and 100% of available RAM. When you set AMTUNE_PCT_MEMORY_TO_USE to 0, Access Manager is configured to use 256 MB RAM Default: 75 The following values are derived from this parameter setting:
AMConfig.properties File Settings Notification thread pool settings: com.iplanet.am.notification.threadpool.size com.iplanet.am.notification.threadpool.threshold SDK cache maximum size setting: com.iplanet.am.sdk.cache.maxsize Session settings: com.iplanet.am.session.httpSession.enabled com.iplanet.am.session.maxSessions |
|
Sets the available stack space per thread in Java (Web container). The per thread stack size is used to tune various thread-related parameters in Access Manager and the Web container. Default: 128 KB Caution: Do not change this value unless absolutely necessary. |
|
Specifies whether session time-out tuning using the next three parameters is enabled. To enable, set to false. Default: true |
|
Sets the maximum session time in minutes. Default: 60 However, the default value might be different for your installation. If the session service is registered and customized at the any other level, the tuning will not apply. Setting this parameter to very high or very low values affects the number of active user sessions an Access Manager deployment can support, so this parameter is optional for tuning purposes. To use this parameter, AM_TUNE_DONT_TOUCH_SESSION_PARAMETERS must be set to false. |
|
Sets the maximum idle time for a session in minutes. Default: 10 However, the default value might be different for your installation. If the Session service is registered and customized at the any other level, the tuning will not apply. Setting this parameter to very high or very low values affects the number of active user sessions an Access Manager deployment can support, so this parameter is optional for tuning purposes. To use this parameter, AM_TUNE_DONT_TOUCH_SESSION_PARAMETERS must be set to false. |
|
Sets the maximum session cache time in minutes. Default: 2 However, the default value might be different for your installation. If the Session service is registered and customized at the any other level, the tuning will not apply. Setting this parameter to very high or very low values affects the number of active use sessions an Access Manager deployment can support, so this parameter is optional for tuning purposes. To use this parameter, AM_TUNE_DONT_TOUCH_SESSION_PARAMETERS must be set to false. |
The following table describes the Access Manager installation environment tuning parameters.
Table 2–3 Installation Environment Tuning Parameters
The following table describes the tuning parameters that you can set when you are using Application Server 8 as the Access Manager web container.
Table 2–4 Application Server 8 Web Container Tuning Parameters