CA Access Gateway (SPS) Linux tuning how to
search cancel

CA Access Gateway (SPS) Linux tuning how to

book

Article ID: 44209

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER

Issue/Introduction


Trick and tips on how to tune CA Access Gateway (SPS) running on Linux.

 

Environment

 

CA Access Gateway (SPS) 12.8 on Linux;

 

Resolution

 
First, the CA Access Gateway (SPS) has an Apache and Tomcat embedded modules. Here are indications about the parameters for tuning:

  • Apache
  • Apache Tomcat connector
  • Http client Connection Pool
  • JVM (1)

The best value will be obtained by benchmarking a test or QA environment, putting loads on it, and configuring and collecting full traces from each component.     

This will help to identify the bottlenecks.

Second, the section "Operating System Tuning for Agents" mentions some memory parameters.

They are addressed to the SunOS system. When running on Linux, consult the vendor documentation (Redhat or other) to tune some of them (2).

Often, the out of the box configuration is already enough for shared memory on Linux, which is not the case with SunOS systems.

That is the reason why only values for SunOS can be seen from that documentation section.

Third, when looking at a 64-bit RedHat 7 and RedHat 8 system, the default values are:

   Redhat 7
   
     /proc/sys/kernel/shmmax
     
       18446744073692774399

     /proc/sys/kernel/shmmni
     
       4096

    Redhat 8

     /proc/sys/kernel/shmmax
    
       4398046511104

     /proc/sys/kernel/shmmni
     
       4096
       
They are greater than the ones recommended for SunOS. Find more documentation about RedHat Operating System (3).

Finally, the CA Access Gateway (SPS) 12.8 documentation brings some sections about the tunable parameters for different embedded components (4)(5)(6).

Note that 'MaxClients' has been renamed to 'MaxRequestWorkers' in Apache 2.4.x (bundled with Access Gateway 12.8).

 

Additional Information

 

  1. CA Access Gateway (formerly Secure Proxy Server): Commonly Tuned Parameters
    https://knowledge.broadcom.com/external/article?articleId=43275
  2. Operating System Tuning for Agents
    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/implementing/implementing-siteminder/performance-tuning/operating-system-tuning-for-agents.html

  3. 5.4. CAPACITY TUNING
    https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/performance_tuning_guide/s-memory-captun

  4. Configure the Apache Settings Manually
    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/access-gateway-configuration/configure-the-apache-settings-manually.html

  5. Configure the Proxy Service Settings Manually
    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/access-gateway-configuration/configure-the-proxy-service-settings-manually.html

  6. Configure the Tomcat Settings Manually
    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/access-gateway-configuration/configure-the-tomcat-settings-manually.html

 

Powered by Wolken Software