Tuning suggestions ONLY for Advance Authentication components

book

Article ID: 40225

calendar_today

Updated On:

Products

CA Rapid App Security CA Advanced Authentication CA API Gateway

Issue/Introduction

 

Introduction:

This document provides tuning suggestions for AA components (version 7.x, 8.x and higher) in high LOAD situations. There is no cookie-cutter approach to tuning; hence this is just a suggestion and not a recommendation. Use this document to familiarize yourself to various configurations such as:

a.    LDAP Pooling – UDS to LDAP connections

b.    DB Connection Pooling – Authminder / Riskminder  to DB connections

c.    Updating Transaction Native Configuration

d.    Updating Transaction Webservice Configuration

e.    Updating  Database Configurations for Webfort instances

f.     Updating UDS Connectivity Configuration

 Instructions:

1. LDAP Pooling - Updating $CATALINA_HOME/conf/catalina.properties with LDAP values

Authminder communicates with the configured LDAP cache, but further LDAP pooling configuration may be needed in an increasing Load scenario.  

The following LDAP pooling parameters can be added to catalina.properties In the example below Tomcat is being used and $CATALINA_HOME is set

to /opt/tomcat/apache-tomcat-7.0.53/.  So, update the catalina.properties in this location - /opt/tomcat/apache-tomcat-7.0.53/conf/catalina.properties 

 as such:

com.sun.jndi.ldap.connect.pool.protocol=plain

com.sun.jndi.ldap.connect.pool.authentication=simple

com.sun.jndi.ldap.connect.pool.maxsize=2048

com.sun.jndi.ldap.connect.pool.prefsize=2000

com.sun.jndi.ldap.connect.pool.timeout=5000

#com.sun.jndi.ldap.connect.pool.initsize=32

com.sun.jndi.ldap.connect.pool.debug=all   #(added for extra logging)

 

2.   Updating Database connection/pooling in <ARCOT_HOME>/conf/arcotcommon.ini

<ARCOT_HOME>/conf/arcotcommon.ini is a file that contains, among other environment specific items, tunables for connecting to the Arcot DB/RAC instance(s).  As AuthMinder usage increases, the number of connections to the database should be increased via MaxConnections.  The connection timeout should be decreased in order to clean up any long-running threads.  The following example shows what the updated values would look like, with the modifications highlighted:

###lines may be wrapped###
[arcot/db/dbconfig]

DbType=oracle

Driver=oracle.jdbc.driver.OracleDriver

MinConnections=4

MaxConnections=512

IncConnections=2

MaxIdleConnections=64

MaxWaitTimeForConnection=5000

TimeBetweenEvictionRuns=45000

MinEvictableIdleTime=60000

AutoRevert=1

MaxTries=3

ConnRetrySleepTime=100

MonitorSleepTime=50

Profiling=0

EnableBrandLicensing=1

BrandLicenseFile=IVWF.LIC

MaxTransactionRetries=3

TransactionRetrySleepTime=10

      

3.  Updating Riskfort Transaction Native Configurations 

Login as masteradmin via this address:
https://<ArcotAdmin-VIP>/arcotadmin/mabamlogin.htm
After logging in successfully, browse to

Services and Server Configurations (on top menu bar)

èWebfort  (on top nav-bar)

èProtocol Configuration (on left nav-bar)

èSelect the appropriate Instance from the dropdown

Select “Native (TCP)” 7680

Update Minimum Threads from 32 to 128

 

Update Maximum Threads from 128 to 384

 

 


 4.  Updating Webfort Transaction Web Service Configurations

 Login as masteradmin via this address:

https://<ArcotAdmin-VIP>/arcotadmin/mabamlogin.htm
After logging in successfully, browse to

Services and Server Configurations (on top menu bar)

èWebfort  (on top nav-bar)

èProtocol Configuration (on left nav-bar)

èSelect the appropriate Instance from the dropdown

Select “Transaction Web Service” 7778

Update Minimum Threads from 32 to 128

Update Maximum Threads from 128 to 384

 

 


 

5.  Updating Database Configurations for Webfort Instance.

Login as masteradmin via this address:
https://<ArcotAdmin-VIP>/arcotadmin/mabamlogin.htm
After logging in successfully, browse to

Services and Server Configurations (on top menu bar)

èWebFort (on top nav-bar)

èInstance Management (on left nav-bar)

èClick on the appropriate instance from the drop down

 

Update the following:

Minimum Connections – From 4 to 8

Maximum Connections – From 64 to 512

Increment Connections – From 4 to 12

Monitor Thread Sleep Time (in Seconds) – from 1800 to 900

 

Log Query Details – from Unchecked to Checked

 

  

6.  Updating UDS Connectivity Configurations 

Login as masteradmin via this address:

https://<ArcotAdmin-VIP>/arcotadmin/mabamlogin.htm
After logging in successfully, browse to

Services and Server Configurations (on top menu bar)

èAdministration Console (on top nav-bar)

 

èUDS Connectivity Configuration (on left nav-bar)

 

 

 

User Data Service Connectivity Configuration”, modify the following:

Connection Timeout (in milliseconds) – from 30000 to 15000

Idle Timeout (in milliseconds) – from 30000 to 15000

Minimum Connections – from 4 to 12

 

Maximum Connections – from 32 to 1040

 


 

Cause

Tuning of CA Strong Authentication and CA Risk Authentication servers 

Environment

Release: ARCWFT05900-8-Arcot-WebFort-for Windows
Component:

Resolution

Discussed in the Issue section above. 

Additional Information

None. 

Attachments

1558723969156000040225_sktwi1f5rjvs16x1f.jpeg get_app
1558723967293000040225_sktwi1f5rjvs16x1e.jpeg get_app
1558723965408000040225_sktwi1f5rjvs16x1d.jpeg get_app
1558723963540000040225_sktwi1f5rjvs16x1c.jpeg get_app
1558723961321000040225_sktwi1f5rjvs16x1b.jpeg get_app