Dear all,
I'm experiencing some problems in my NAM Linux clustered configuration
(2 AC, 2 IS, 2AG): after a short time of correct behaviour, I start to
have big performance issues. The logins are incredibly slow and often
fail for timeout, while sometimes I also receive an ESP Overload error
message, thus making impossible to use the system. It seems the IS and
AG loose the connection to the admin console. No CPU or RAM problems
detected. In the statistics I can see 8000 cached sessions per AG
cluster member (so exceeding the max number of session reccomended, that
is 5000). Now, the number of users accessing protected resources can be
compared to 100 requests/second (rate at which browsers are requesting
web objects), 1100 connections peak (max number of TCP connections per
second), and 40K users defined in the user store. Policies are about 60,
most of them with simple http header injection parameters (just
username) and no form fills. Rules are about 20. According to these data
a 2AG/2IS cluster configuration should be enough (also for fault
tolerance, since 10000 users are never simoultaneously connected)
following Novell Sizing and Performance best practices and considering
that until now everything was managed with just one iChain machine.
Where do you think might be the problem then? Tomcat or Java memory
adjustments can be enough to solve this issue (set maxThreads="500",
-Xmx value 1800/2048, Dnids.freemem.threshold value from 0 to a value
between 5 and 15, NAGGlobalOptions ESP_BusyThreshold=4000, set
LdapLoadThreshold to 30) Or another AG is required according to your
experience? Can SP4 really solve this kind of issues (please, point me
to the related bug solved in readme) or is just a try?
The coolsolution to Configure Access Gateway Embedded Service Provider
to Reduce Access Gateway Load and Improve Performance has already been
SP3 plain is currently installed.
Any hint is really appreciated, thanks

kurtz76's Profile:
View this thread: