How to optimize Cloud Access Manager for a production environment.
Using these recommended configurations, a Proxy host can typically support up to 7,000 users and a Security Token Service (STS) host can typically support up to 15,000 users.
Proxy Hosts - Memory
For a production environment, we recommend that each proxy host has a minimum of 9GB of physical memory with 6GB of this memory allocated to the Java virtual machine (JVM).
Run msinfo32 to access System Information and check total physical memory.
To configure the maximum amount of memory allocated to the Java virtual machine, perform the following steps on the proxy host:
1. Double-click \Cloud Access Manager Proxy\bin\CloudAccessManagerProxyw.exe on each proxy host to open the proxy service configuration tool.
2. Click the Java tab.
3. In the Maximum memory pool field, enter the value 6144, then click Apply to set the maximum amount of memory allocated to the Java Virtual Machine heap to 6GB.
4. You must restart the proxy service for this setting to take effect. To restart the proxy service, click the General tab and then click Restart.
Proxy Hosts - CPU
For a production environment, we recommend that each proxy host have a minimum of 8 processor cores across 2 CPUs.
Run Task Manager and check under Performance - CPU. Check under Sockets for the number of CPUs and under Cores for the number of processor cores.
Proxy Hosts - Disk Space
We recommend that the following minimum disk space requirement is observed.
Disk Space: 25GB
Proxy Hosts - HTTP Connections
For a production environment, the recommended default settings described below allow each proxy host to handle up to 12,000 concurrent, persistent HTTP connections.
To increase the number of concurrent HTTP connections, perform the following steps on the proxy host:
1. Edit the \conf\server.xml file on each proxy host and update the connector for port 443 to set the maxThreads setting to 12200. The file contains multiple connectors; only the connector for port 443 should be updated. The connectors for ports 80 and 8553 can remain at the default value of 200.
2. Next to the modified maxThreads parameter, insert a new parameter disableKeepAlivePercentage="99" as shown in the example below:
disableKeepAlivePercentage="99"
scheme="https" secure="true"
SSLEnabled="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
keystoreFile="j2sdk/jre/lib/security/cacerts"
3. You must also configure the host to support this number of connections. By default, Microsoft Windows Server 2008 R2 will allow approximately 8,000 connections. To allow a greater number of connections, use the netsh command to increase the dynamic port range.
You can see what the dynamic ports are currently set to with this command: netsh int ipv4 show dynamicport tcp
The following example will allow approximately 12,000 persistent HTTP connections. Run this command from a command prompt as an administrator. It is recommended to reboot after taking these steps.
netsh int ipv4 set dynamicport tcp start=40000 num=25000
*Note that step 3 should also be done on all of the STS Servers.
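One way to verify steps 1 to 3 on a proxy host after making the changes, as an added PowerShell example that is not One Identity code. It assumes the full path to server.xml is supplied through a hypothetical -ServerXml parameter (the page gives only \conf\server.xml) and that netsh prints English-language output.

```powershell
# Added example (not One Identity code): audit steps 1-3 on a proxy host.
param(
    # Full path to the proxy's conf\server.xml; the install prefix is site-specific.
    [Parameter(Mandatory = $true)][string]$ServerXml
)
$findings = @()

# Steps 1-2: the port 443 connector carries the raised values, the others stay at 200.
$doc = New-Object System.Xml.XmlDocument
$doc.Load((Resolve-Path -LiteralPath $ServerXml).Path)
$seen443 = $false
foreach ($c in $doc.SelectNodes('//Connector')) {
    $port = $c.GetAttribute('port')
    $max  = $c.GetAttribute('maxThreads')
    if ($max -eq '') { $max = '200' }   # unset means the default of 200
    if ($port -eq '443') {
        $seen443 = $true
        if ($max -ne '12200') { $findings += "port 443: maxThreads=$max, expected 12200" }
        $dka = $c.GetAttribute('disableKeepAlivePercentage')
        if ($dka -ne '99') { $findings += "port 443: disableKeepAlivePercentage='$dka', expected 99" }
    } elseif ($max -ne '200') {
        $findings += "port ${port}: maxThreads=$max, expected the default of 200"
    }
}
if (-not $seen443) { $findings += 'no Connector with port="443" found' }

# Step 3: dynamic TCP port range (this part also applies to STS hosts).
$out = (netsh int ipv4 show dynamicport tcp) -join "`n"
$start = $null
$num = $null
if ($out -match 'Start Port\s*:\s*(\d+)')      { $start = [int]$Matches[1] }
if ($out -match 'Number of Ports\s*:\s*(\d+)') { $num   = [int]$Matches[1] }
if ($null -eq $num) {
    $findings += 'could not parse netsh output (assumes English-language output)'
} elseif ($num -lt 25000) {
    $findings += "dynamic port range start=$start num=$num, page example uses start=40000 num=25000"
}

# Report: one line per deviation, non-zero exit code if any were found.
if ($findings.Count -eq 0) {
    'OK: settings match the values on this page'
} else {
    $findings
    exit 1
}
```

The script only reads configuration; it changes nothing on the host.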
STS Hosts - Memory
For a production environment, we recommend that each Security Token Service (STS) host has 8GB of physical memory.
Run msinfo32 to access System Information and check total physical memory.
STS Hosts - CPU
For a production environment, we recommend that each STS host have a minimum of 8 processor cores across 2 CPUs.
Run Task Manager and check under Performance - CPU. Check under Sockets for the number of CPUs and under Cores for the number of processor cores.
STS Hosts - Disk Space
We recommend that the following minimum disk space requirement is observed.
Disk Space: 50GB
© 2024 One Identity LLC. ALL RIGHTS RESERVED.