search cancel

VIP Web Services best practice for high-availability and optimal performance

book

Article ID: 150810

calendar_today

Updated On:

Products

VIP Authentication Service

Issue/Introduction

 

Resolution

Symantec VIP Web Services (API) Best Practices for High Availability and Optimal Performance

 

Your client implementation will vary depending on your specific configuration. The following are best-practice guidelines meant to provide connectivity optimization. 

  • Disable DNS caching for *.vip.symantec.com URLs to benefit from the VIP Services high-availability feature.
  • Restart your VIP connection service adapter after a VIP certificate change.
  • If your application is coded in Java™: Some Java JVMs cache DNS entries by default and ignore the TTL that is specified in the DNS protocol. If your application is Java-based, you need to disable this behavior by setting the networkaddress.cache.ttl and networkaddress.cache.negative.ttl Java security properties to 0. (source: http://docs.oracle.com/javase/6/docs/technotes/guides/net/properties.html)
  • Enable HTTP 1.1 keep-alive to save setup costs for subsequent requests after a connection has been established.
  • Use connection pools to avoid creating new connections. Connection pool parameters will vary - refer to your Web Services library documentation on how to enable and tune connection pools.
  • For monitoring purposes, the GetServerTime API can be used to monitor connectivity from the client-side. This lightweight API provides an estimate of the lowest response time that you can expect from the client.
  • Symantec recommends an SSL timeout of up to 5 seconds and 3 retries.
  • Due to VIP Service load balancing algorithms, SSL session resumption is not supported. Enable persistent connections to prevent transaction sharing between load-balanced cluster nodes.   
  • Run any type of bulk update (such as disabling credentials of inactive users) during off-peak hours. Typically, these hours should be scheduled during weekends or between 12:00 AM PST to 3:00 AM PST.
  • Load data can be obtained directly from Symantec. Do not perform load testing on VIP end-points. 
  • VIP Web Service WSDLs, unique URLs, and product documentation are often updated when VIP server-side APIs are updated. Periodically check VIP Manager for the latest builds.
  • Enable the VIP Report Streaming Service to obtain your VIP event logs from the VIP Cloud for end-to-end logging. (see  About the VIP Report Streaming Service API). 
  • Add a unique request ID with each request to locate the transaction in VIP Manager and other VIP logs. Use naming logic to identify the source of the request, such as subsystem or IP address. For example, VIP123456789 or TUSCON5_123456.
  • Consider adding the source and destination IP address to the message header to capture this data in the event logs. (See: Returning IP and source information in VIP event logs)