Skip Navigation Links | |
Exit Print View | |
Oracle Directory Server Enterprise Edition Deployment Planning Guide 11g Release 1 (11.1.1.5.0) |
Part I Overview of Deployment Planning for Directory Server Enterprise Edition
1. Introduction to Deployment Planning for Directory Server Enterprise Edition
2. Business Analysis for Directory Server Enterprise Edition
Part II Technical Requirements
3. Usage Analysis for Directory Server Enterprise Edition
4. Defining Data Characteristics
5. Defining Service Level Agreements
6. Tuning System Characteristics and Hardware Sizing
Directory Server and Directory Proxy Server LDAP and LDAPS Port Numbers
Directory Server DSML Port Numbers
Directory Service Control Center and Common Agent Container Port Numbers
Identity Synchronization for Windows Port Numbers
Hardware Sizing For Directory Service Control Center
Hardware Sizing For Directory Proxy Server
Configuring Worker Threads and Backend Connections
Hardware Sizing For Directory Server
Directory Server Database Page Size
Directory Server Administration Files
Directory Server Threads and File Descriptors
Simulating Client Application Load
Directory Server and Processors
Directory Server and Local Disk Space
Directory Server and Network Connectivity
Limiting Directory Server Resources Available to Clients
Limiting System Resources Used By Directory Server
Operating System Tuning For Directory Server
Operating System Version and Patch Support
System-Specific Tuning With The idsktune Command
Transmission Control Protocol (TCP) Settings
Physical Capabilities of Directory Server
Other Tips to Improve Overall Performance
For Maximum Search Rate (Searches Only)
For Maximum Modification Rate (Modifications Only)
Small, Medium, and Large Data Sets
Optimum Search Performance (Searches Only)
Optimum Modify Performance (Modifications Only)
Tuning Indexes for Performance
Basic Directory Server Sizing Example: Disk and Memory Requirements
Preparing a Directory Server Instance
Populating the Suffix With 10,000 Sample Directory Entries
Populating the Suffix With 100,000 Sample Directory Entries
Populating the Suffix With 1,000,000 Sample Directory Entries
7. Identifying Security Requirements
8. Identifying Administration and Monitoring Requirements
9. Designing a Basic Deployment
10. Designing a Scaled Deployment
11. Designing a Global Deployment
12. Designing a Highly Available Deployment
Part IV Advanced Deployment Topics
13. Using LDAP-Based Naming With Solaris
14. Deploying a Virtual Directory
Directory Proxy Server runs as a multithreaded Java program, and is built to scale across multiple processors. In general, the more processing power available the better, though you might find that in practice adding memory, faster disks, or faster network connections can enhance performance more than additional processors.
Directory Proxy Server uses memory mainly to hold information that is being processed. Complex aggregations for processing some virtual directory requests against multiple data sources may temporarily use extra memory. If one of your data sources is an LDIF file, Directory Proxy Server constructs a representation of that data source in memory. However, unless you use large LDIF data sources, not a recommended deployment practice, a couple gigabytes of memory devoted to Directory Proxy Server should suffice. You might want to increase the Java virtual machine heap size when starting Directory Proxy Server if enough memory is available. For example, to set the Java virtual machine heap size to 3 gigabytes, use the following command.
$ dpadm set-flags instance-path jvm-args="-Xms3G -Xmx3G -XX:NewSize=2G -XX:MaxNewSize=2G -XX:+UseParNewGC -XX:+UseConcMarkSweepGC"
This command uses several options which are specific to the Oracle Java virtual machine. The NewSize and MaxNewSize values are recommended to be 2/3 of the heap. The default heap size is 1 gigabyte.
Directory Proxy Server allows you to configure how many threads the server maintains to process requests. You configure this using the server property number-of-worker-threads, described in number-of-worker-threads(5dpconf). As a rule of thumb, try setting this number to 50 threads plus 20 threads for each data source used. To gauge whether the number is sufficient, monitor the status of the Directory Proxy Server work queue on cn=Work Queue,cn=System Resource,cn=instance-path,cn=Application System,cn=DPS6.0,cn=Installed Product,cn=monitor. If you find that the operationalStatus for the work queue is STRESSED, this can mean thread-starved connection handlers are unable to handle new client requests. Increasing number-of-worker-threads may help if more system resources are available for Directory Proxy Server.
The number of worker threads should also be appropriate for the number of backend connections. If there are too many worker threads for the number of backend connections, incoming connections are accepted but cannot be transmitted to the backend connections. Such a situation is generally problematic for client applications.
To determine whether this situation has arisen, check the log files for error messages of the following type: "Unable to get backend connections". Alternatively, look at the cn=monitor entry for load balancing. If the totalBindConnectionsRefused attribute in that entry is not null, the proxy was unable to process certain operations because there were not enough backend connections. To solve this issue, increase the maximum number of backend connections. You can configure the number of backend connections for each data source by using the num-bind-limit, num-read-limit and num-write-limit properties of the data source. If you have already reached the limit for backend connections, reduce the number of worker threads.
If there are not enough worker threads for the number of backend connections, so much work can pile up in the server's queue that no new connections can be handled. Client connections can then be refused at the TCP/IP level, with no LDAP error returned. To determine if this situation has arisen, look at the statistics in the cn=monitor entry for the work queue. In particular, readConnectionsRefused and writeConnectionsRefused should remain low. Also, the value of the maxNormalPriorityPeak attribute should remain low.
By default Directory Proxy Server requires up to one gigabyte of local disk space for access logging, and another gigabyte of local disk space for errors logging. Given the quantity of access log messages Directory Proxy Server writes when handling client application requests, logging can be a performance bottleneck. Typically, however, you must leave logging on in a production environment. For best performance therefore put Directory Proxy Server logs on a fast, dedicated disk subsystem. See Configuring Directory Proxy Server Logs in Oracle Directory Server Enterprise Edition Administration Guide for instructions on adjusting log settings.
Directory Proxy Server is a network-intensive application. For each client application request, Directory Proxy Server may send multiple operations to different data sources. Make sure the network connections between Directory Proxy Server and your data sources are fast, with plenty of bandwidth and low latency. Also make sure the connections between Directory Proxy Server and client applications can handle the amount of traffic you expect.
If connections will be opened and closed very frequently, consider reducing the TCP stack's time wait state duration to 1 second. Use the following command on Solaris (as superuser):
$ ndd -set /dev/tcp tcp_time_wait_interval 1000
For other operating systems, please refer to the operating system documentation.