Novell ACCESS MANAGER 3.1 SP2 - ACCESS GATEWAY GUIDE 2010 Manual page 166

L4 Switches: If the switch is slow or misconfigured, it can severely impact performance. You need
to make sure the switch has ample capacity to handle the traffic. If possible, clustered Access
Gateways should be plugged directly into the switch or segmented accordingly. It is also critical that
you enable sticky bit/persistence on the L4 switch. When this feature is not enabled, the product
handles the traffic correctly, but the system can run up to 50% slower than when persistence is
enabled. For tips on how to set up the L4 switch, see
Novell Access Manager 3.1 SP2 Setup
Policies: Authorization, Identity Injection, and Form Fill policies need to be implemented so that
they execute as quickly as possible. For example, a Form Fill policy impacts performance when the
form matching criteria are set up so that an entire directory of files must be searched before the form
is found. Also when policies are assigned to a protected resource, one policy with ten actions
executes faster than ten policies with one action in each policy.
Logging: You need to manage the size and number of log files as well as the logging level. You
should increase the log level to Debug only when you are troubleshooting a problem. As soon as the
problem is resolved, you should reduce the log level. You should also have a schedule for checking
the number and size of the log files and for removing the older log files.
Auditing: You need to carefully select the events that you audit. Selecting all events that are
available for the Access Manager components can impact performance. For example, the URL
Accessed event of the Access Gateway generates an event every time a user accesses a resource. If
you have many users and many resources that these users are accessing, selecting this event could
impact performance. You need to analyze your needs to see if you need to audit all URLs accessed.
If you need to audit only a few URLs, you can use proxy service logging to gather the information.
See Section 4.3, "Configuring Logging for a Proxy Service," on page
Access Gateway Service: For some tuning options that apply only to the Access Gateway Service,
see Section 8.5, "A Few Performance Tips," on page
Java Memory Allocations: The Tomcat configuration file controls the amount of memory that
Tomcat can allocate for Java. If you have installed your Access Gateway on a machine with the
recommended 4 GB of memory, you can modify two parameters in this file to improve performance
under heavy load:
"Modifying the Java Parameters on Linux" on page 166
"Modifying the Java Parameters on Windows" on page 167
Modifying the Java Parameters on Linux
On the Access Gateway Appliance, you need to modify just the free memory threshold for best
performance. On the Access Gateway Service, you need to modify the free memory threshold and
the amount of memory that Java can use.
1 Log in to the Access Gateway as the
2 Open the Tomcat configuration file for editing.
/var/opt/novell/tomcat5/conf/tomcat5.conf
3 For an Access Gateway Service, find the following line in the file:
JAVA_OPTS="-server -Xmx1024m -Xms512m -Xss128k -XX:+UseConcMarkSweepGC"
4 Replace the
This allows Java on the Access Gateway Service to use 2 GB of memory. For the Access
Gateway Appliance, the default value works best so do not change the value.
166 Novell Access Manager 3.1 SP2 Access Gateway Guide
Guide.
root
value (default is 1024) with 2048.
-Xmx
"Configuration Tips for the L4 Switch
131.
253.
user.
" in the