Sun Java System Portal Server 6 2005Q4 Administration Guide |
Chapter 19
Tuning the Portal ServerThis chapter describes the configuration parameters for optimizing the performance and capacity of the Sun Java System Portal Server. The perftune script (in PortalServer-base/SUNWps/bin directory), bundled with Portal Server, automates most of the tuning process discussed in this chapter.
Updates to the perftune script for this release include:
- A safeguard that prevents the script from tuning a system that does not have enough memory.
- The ability to tune Portal Server and Access Manager instances that are installed on separate machines.
- New JVM tuning parameters.
IntroductionThe perftune script:
- Tunes the Solaris Operating System Kernel and TCP settings (see Solaris Tuning)
- Modifies the following configuration files as part of:
- Modifies properties of the Portal Server Desktop service and Sun Java System Access Manager authentication service.
Tuning InstructionsTo run the perftune script:
The perftune script performs start and stop operation of servers during tuning process. It creates backup copies of modified files in filename-orig-date-pid format. Reboot the system after running the script to take effect tuning changes.
Solaris Tuning
Kernel Tuning
To the /etc/system file, the script appends the following setters:
The original file (/etc/system) is copied to a file of the format:
/etc/system-orig-’$DATE+%y%m%d’-$$
Note
Most of the files get backed up. The script creates backup copies of modified files in respective directories in the following format: filename-orig-date-pid
TCP Parameters Tuning
Changes to TCP parameters (shown within parenthesis) in /dev/tcp include:
- TCP Time Wait Interval (tcp_time_wait_interval)—The amount of time a TCP socket remains in the TIME_WAIT state (after the connection is closed) is set to 60000
- TCP Fin Wait 2 Interval (tcp_fin_wait_2_flush_interval)—The amount of time a TCP socket remains in the FIN_WAIT_2 state (after the connection is closed) is set to 67500
- TCP Maximum Connection Size (tcp_conn_req_max_q)—The maximum number of fully established connection is set to 8192
- TCP List Queue (tcp_conn_req_max_q0)—The size of the queue containing unestablished connections is set to 8192
- TCP Packet Drop Time (tcp_ip_abort_interval)—The amount of time before a packet is dropped is set to 60000
- TCP Keep Alive Interval (tcp_keepalive_interval)—This is set to 90000
- TCP Maximum Retransmit Interval (tcp_rexmit_interval_max)—This is set to 6000
- TCP Minimum Retransmit Interval (tcp_rexmit_interval_min)—This is set to 3000
- TCP Initial Retransmit Interval (tcp_rexmit_interval_initial)—This is set to 500
- TCP Smallest Anonymous Port (tcp_smallest_anon_port)—This is set to 1024
- TCP Initial Packets for Slow Start Algorithm (tcp_slow_start_initial)—This is set to 2
- TCP Transmit/Receive Buffer Size Limit (tcp_xmit_hiwat and tcp_recv_hiwat) —These are set to 32768 each
To execute the ndd commands automatically when the system is rebooted, the perftune script copies the S99ndds_tcp file into /etc/rc2.d/ directory.
Sun Java System Access Manager Tuning
This section provides information about the Directory Server connection pool, LDAP authentication, and confirmation parameters.
Directory Server Connection Pool
Changes made to the /etc/opt/SUNWam/config/serverconfig.xml file are as follows:
LDAP Authentication Service
Sun Java System Access Manager Services Configuration Parameters
Changes are made to the /etc/opt/SUNWam/config/AMConfig.properties file as follows:
- Specifies com.iplanet.am.logstatus to INACTIVE
- Increases com.iplanet.am.session.maxSession (default 50000) if expected number of concurrent sessions exceeds this value
- Disables com.iplanet.am.session.httpSession.enabled
- Specifies com.iplanet.am.sdk.cache.maxSize=DSAME_MAX_CACHE_SIZE where DSAME_MAX_CACHE_SIZE is based on Access Manager and Portal Server tuning guide recommendations.
DSAME_MAX_CACHE_SIZE=(MAX_CONCURRENT_SESSIONS) * (2 + services registered) where MAX_CONCURRENT_SESSIONS=7000, and services registered=3 (default).- Specifies com.iplanet.am.stats.interval with the value 60.
- Specifies com.iplanet.am.session.purgedelay with the value 5.
- Specifies com.iplanet.services.stats.state with the value file.
- Specifies com.iplanet.services.states.directory with the value /var/opt/SUNWam/debug.
Polling mode is enabled if Access Manager and Portal Server are installed on separate machines. Polling mode provides the following options:
The following threadpool properties in the /opt/SUNWam/lib/AMConfig.properties file are exposed:
- com.iplanet.am.notification.threadpool.threshold. This property indicates the maximum size of the task queue in the thread pool. The thread pool rejects further requests if the number of unprocessed tasks in the queue exceeds that threshold value. This number depends on the system memory resource. Each task requires about 3k. You should decide how many tasks can be queued given the size of thread pool. A task is queued only when no thread in the pool is available.
Sun Java System Directory Server Tuning
If the Sun Java System Directory Server is shared by other applications, you may need to verify that those parameters are not conflicting with the other application’s parameters tuning.
Enough virtual memory space must be provisioned for /tmp/slapd-DSinstance1 and the total amount of used memory, including the allocated for database caching, should not exceed the size of physical memory to avoid paging. In any events, the cumulative values of nsslapd-dbcachesize + nsslapd-cachememsize + fixed memory used for slapd process itself cannot exceed the 4 GB of process address space. Nsslapd is a 32-bit application.
With regard to the sizing of resources pooling (connections and threads), Sun Java System Directory Server provides best performance with a concurrency level of around 15 for search type of operations.
The perftune script tunes ns-slapd threading, db cache and database file system mapping in the /var/opt/mps/serverroot/slapd-hostname/config/dse.ldif file as follows:
- Under dn: cn=config LDAP entry:
- Adds the line nsslapd-threadnumber to nThreads. In most cases, default value (30) should be fine unless a fair amount of profile changes (LDAP writes) is expected, in which case, the script applies the following formula:
nThreads = 30 for 1 CPU, nThreads = 45 for 2 CPUs, nThreads = 60 for 3 CPUs, nThreads = 75for 4 CPUs.
- Specifies nsslapd-accesslog-logging-enabled to off to disable access log
- Under dn: cn=config,cn=ldbm database,cn=plugins,cn=config LDAP entry:
- Under dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config LDAP entry, modifies the line nsslapd-cachememsize to newSize where newSize = 3 * the size of id2entry.db3.
- If NEED_REBOOT is yes, the nsslapd-maxdescriptors is set to 16384.
Sun Java System Web Server 6.1 Tuning
The following describe the JVM tuning offered by the perftune script to help tune Sun Java System Web Server for Portal Server performance.
- Specify the following in magnus.conf located at WebServer-base/SUNWwbsvr/https-hostname/config
- Specify the following in server.xml file at WebServer-base//https-hostname//config for JVM Tuning:
- -Xms3G (This value is set to 3 gigabytes if memory is available; otherwise, by default, the Xms value is set to 128)
- -Xmx3G (This value is set to 3 gigabytes if memory is available; otherwise, by default, the Xmx value is set to 128)
- -Xss128K
- -Xloggc:/var/opt/SUNWappserver7/domains/domain1/
server1/logs/gclog- -XX:NewSize=384M
- -XX:MaxNewSize=384M
- -XX:MaxPermSize=64M
- -XX:PermSize=64M
- -XX:+UseParNewGC
- -XX:+UseConcMarkSweepGC
- -XX:MaxTenuringThreshold=1
- -XX:SoftRefLRUPolicyMSPerMB=1
- -XX:+CMSClassUnloadingEnabled
- -XX:+CMSPermGenSweepingEnabled
- -XX:+PrintGCTimeStamps
- -XX:+ShowMessageBoxOnError
- -XX:+OverrideDefaultLibthread
- -XX:+DisableExplicitGC
- -XX:+PrintGCDetails
- -XX:+PrintClassHistogram
Sun Java System Application Server 7.0 Tuning
When deploying the Portal Server on the Sun Java System Application Server, the minimum and maximum heap size for the Application Server instance is set to 3 gigabytes.
The perftune script prevents the perftune script from tuning a system that does not allow for a 3-gigabyte heap for the JVM.
The following describe the JVM tuning offered by the perftune script to help tune Sun Java System Application Server for Portal Server performance.
- Specify the following in init.conf located at Deplaoy_Domain/Deploy_Instance/config
- Specify the following JVM parameters in Deplaoy_Domain/Deploy_Instance/config/sever.xml:
- -Xms3G (This value is set to 3 gigabytes if memory is available; otherwise, by default, the Xms value is set to 128)
- -Xmx3G (This value is set to 3 gigabytes if memory is available; otherwise, by default, the Xmx value is set to 128)
- -Xss128K
- -Xloggc:/var/opt/SUNWappserver7/domains/domain1/server1/logs/gclog
- -XX:NewSize=384M
- -XX:MaxNewSize=384M
- -XX:MaxPermSize=64M
- -XX:PermSize=64M
- -XX:+UseParNewGC
- -XX:+UseConcMarkSweepGC
- -XX:MaxTenuringThreshold=1
- -XX:SoftRefLRUPolicyMSPerMB=1
- -XX:+CMSClassUnloadingEnabled
- -XX:+CMSPermGenSweepingEnabled
- -XX:+PrintGCTimeStamps
- -XX:+ShowMessageBoxOnError
- -XX:+OverrideDefaultLibthread
- -XX:+DisableExplicitGC
- -XX:+PrintGCDetails
- -XX:+PrintClassHistogram
Note
The Deplaoy_Domain/Deploy_Instance/config/server.xml file is backed up in the format:
filename-orig-date-pid
To Set Additional Sun Java System Application Server Parameters for Gateway Reliability
To achieve optimal performance using Secure Remote Access, configure your implementation as follows:
- Modify the AccessManager-base/SUNWam/lib/AmConfig.properties file to set the notification threadpool size for the application server. At the top of the file just below the following lines:
Sun, Sun Microsystems, the Sun logo, and iPlanet
* are trademarks or registered trademarks of Sun Microsystems,
* Inc. in the United States and other countries.
- Add the following lines to set the threadpool size to 200:
/*Notification Thread Pool Size*/ com.iplanet.am.notification.threadpool.size=200
- Log on to the Portal Server administration console with the user name amadmin and the passphrase you entered during the installation.
- Select Service Management in the View menu.
- Select SRA Configuration and then Gateway.
- Select the default server and click Edit.
- Check the Enable HTTP Connections checkbox.
- In the HTTP Port field, type 80 and click Save.
- Log in to the Sun Java System Application Server administration console as administrator (admin) by entering http://fullservername:port in your browser’s web address field. The default port is 4848. Use the password you entered at installation.
- Select the application server instance where you installed the Access Manager.
- Click JVM Settings and then JVM Options.
- In the JVM Option field, enter the following string:
-Dhttp.keepAlive=false
- Click Add and then Save.
- Select the application server instance where you will install Portal Server.
The right pane shows that the configuration has changed.
- Click Apply Changes.
- Click Restart.
- The application server should automatically restart.
- On the server where the gateway is installed, go to the /opt/SUNWps/bin/perf directory and enter the following to run a script that sets tuning parameters for Secure Remote Access:
./perftune
- Modify the AccessManager-base/SUNWam/lib/AmConfig.properties file to set the notification threadpool size for the gateway. At the top of the file just below the following lines:
Sun, Sun Microsystems, the Sun logo, and iPlanet
* are trademarks or registered trademarks of Sun Microsystems,
* Inc. in the United States and other countries.
- Add the following lines to set the threadpool size to 200:
/*Notification Thread Pool Size*/ com.iplanet.am.notification.threadpool.size=200
- Go to the /opt/SUNWps/bin directory and modify the gateway file to set the -Dhttp.keepAlive option to false and to increase the settings for the -Xms and -Xmx heap size options.
- Define the CMD settings options as follows:
CMD="$JAVA_HOME/bin/java -server -Xms3G -Xmx3G -XX:+OverrideDefaultLibthread -Xss128K
-XX:MaxPermSize=64M -XX:PermSize=64M -XX:MaxNewSize=512M
-XX:NewSize=512M -XX:+UseParNewGC -XX:+UseConcMarkSweepGC
-XX:MaxTenuringThreshold=1
-XX:SoftRefLRUPolicyMSPerMB=1
-XX:+CMSClassUnloadingEnabled -XX:+CMSPermGenSweepingEnabled
-XX:+PrintGCDetails
-XX:+PrintGCTimeStamps -XX:+PrintClassHistogram
-XX:+ShowMessageBoxOnError -XX:+DisableExplicitGC
-Xloggc:/var/opt/SUNWps/debug/gclog.$GW_INSTANCE -classpath $CLASSPATH $DEFINES1 $DEFINES2 $DEFINES3 $DEFINES4 $DEFINES5
$PROXY_DEFINES $BOOT_CLASSPATH com.sun.portal.netlet.eproxy.EProxy"- Modify the /etc/opt/SUNWps/platform.conf.default file to set the gateway.protocol parameter to http and the gateway.port parameter to port 80 as follows:
gateway.protocol=http
gateway.port=80
- Restart the gateway for the changes to take effect by typing the following command:
PortalServer-base/SUNWps/bin/gateway -n default start
where default is the default gateway profile created during installation.
Portal Server Desktop Tuning
The caller parameters are used to size the thread pool to render content through the providers. The caller pool is initialized to size 0. Items are added to the pool as they are used and returned. The caller pool can expand to a very large size, but it normally is only be as big as the number of channels on the user’s Portal Desktop. When multiple concurrent threads have the same sid, the pool can expand to an size that is n * m, where n = the number of concurrent same-sid threads and m = the number of channels on the Portal Desktop for the given sid.
The perftune script changes the following parameters for optimizing the Provider Caller Resource Pooling, in the /etc/opt/SUNWps/desktop/desktopconfig.properties file:
To minimize unnecessary memory growth due to spawning of Portal Desktop caller threads when performing long-run tests, these properties (except for templateScanInterval) should be changed to their original default values.
Make the following changes to these properties: