Manuals / IBM / Computer Equipment / Computer Drive

IBM 6.1.X manual Note to WAS

Models: 6.1.X

1 97

Download 97 pages 55.38 Kb

Page 15

Note to WAS 7:

S E C U R I T Y A T T R I B U T E P R O P A G A T I O N

To reduce the Security Attribute Propagation (SAP) overhead, please use a custom property 'disable Callerlist'. If SAP is not used, you can disable that, to remove the extra overhead to improve the login performance.

If Subject has not been customized, then there is no need to enable Security Attribute Propagation. Security Attribute Propagation can add extra overhead due to some extra processing that is required. However, there are certain configurations where performance might be better with security propagation enabled due to reduction of remote registry calls. See the WebSphere 6.1 InfoCenter (search for 'security attribute propagation') for a discussion of when propagating security attributes is desirable. If you want to enable SAP for functional reasons, you can improve the performance with CallerList tuning mentioned below.

These settings apply to all platforms.

How to Set: In the WebSphere Administrative Console: Security->Secure Administration, Applications, and Infrastructure -> Custom properties ->

Table 2: WebSphere Security Attribute Propagation Settings

	Security	Name	Value
	Attribute	Name	Value
	Attribute
	Propagation	com.ibm.CSI.disablePropagationCallerList	true
		com.ibm.CSI.disablePropagationCallerList	true

		com.ibm.CSI.rmiOutboundPropagationEnabled	false

		com.ibm.CSI.rmiInboundPropagationEnabled	false

		com.ibm.ws.security.webInboundPropagationEnabled	false

For com.ibm.CSI.disablePropagationCallerList create a new property, for the other 3 properties, modify their value to “false”.

Note to WAS 7:

In our WAS 7 environment, we add com.ibm.CSI.disablePropagationCallerList = true, and use the other 3 default true attributes. For was7, this field is accessed through: Security->Global Security ->CustomProperties->New.

1 0

W E BS P HE R E P O R T AL V 6 . 1 T U N I N G G U I D E

Image 15

IBM 6.1.X manual Note to WAS

Contents

IBM WPLC Performance Team March Document version IBM WebSphere Portal software family Your world. Your wayPerformance Tuning Guide IBM WebSphere PortalWEB 2.0 THEME TUNING ContentsPERFORMANCE TUNING OVERVIEW BASE PORTAL TUNINGCLUSTER TUNING MANY PAGES TUNINGWEB CONTENT MANAGEMENT TUNING COMPOSITE APPLICATIONS TUNINGExample Scenarios General InformationCache Usage Patterns Cache InstancesTables FiguresABOUT THIS DOCUMENT PERFORMANCE TUNING OVERVIEW Environment Considerations BASE PORTAL TUNING http//www-01.ibm.com/software/webservers/appserv/was/library Application Server TuningHow to get to Admin Console 3. http//yourhost10001/adminOn Solaris and zLinux, we use 3.5GB heap size in 64-bit environment reboot -q vmo -p -o vpinshm=1 XXSurvivorRatio serverXXMaxPermSize XX+UseConcMarkSweepGCW E B C O N T A I N E R T H R E A D P O O L S I Z E S E S S I O N T I M E O U TNote to WAS maxPoolSize How to SetinitPoolSize prefPoolSizeParameter WebSphere Portal ServicesR E G I S T R Y S E R V I C E RegistryService.propertiesParameter C A C H E M A N A G E R S E R V I C E Cache NameDatasource name Database TuningDatabase Database nameThe databases and related domains supported by Portal V6.1 are Perform a re-org check to improve performance For those tables which require reorganization, we use the command ∙ Database block size 8k sessions smitty aio Change/Show Characteristics of Async I/O MinServers =Mount -o cio /u02 chdev -l sys0 -a maxuproc=’4096’O T H E R D A T A B A S E C O N S I D E R A T I O N S executeDirectory Server Tuning db2 “update db config for idsldap using dbheap 4800”db2 alter bufferpool IBMDEFAULTBP size ThreadsPerChild Web Server TuningKeepAliveTimeout Access loggingMaxClients Note For z/OS, no Web Server was configuredMinSpareThreads MaxSpareThreadsOperating System Tuning W I N D O W S 2 0 0 N E T W O R K T U N I N G HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters. Create a new REGDWORD named below L I N U N E T W O R K T U N I N GK E R N E L T U N I N G How-to-Set ndd -set /dev/tcp PARAMETER VALUES O L A R I S N E T W O R K T U N I N GThe commands we use to setup 1.”pooladm -e” to enable pool facility Required Fixes WEB 2.0 THEME TUNING Navigator Service PropertiesJVM Initial and Maximum Heap Size Caching Proxy Tuning Internet Explorer Support of Vary HeaderProxy /searchfeed* http//server-name/searchfeed # uncommented these to enable statics to be cached # set cache-control public for various static contentWeb Server Tuning b. cache-scopepublic/cache-scope Portlet CachingExpiresActive On a. expiration-cache28800/expiration-cacheDB2 Database Tuning MANY PAGES TUNINGCache Manager Service Table 19 Cache Manager Service Settings for Many PagesRequired Fixes Application Server Tuning WEB CONTENT MANAGEMENT TUNINGCache Name WebSphere Portal Service PropertiesTable 20 Cache Manager Service Settings for WCM CacheManagerService.properties FileCache Name WCM Object CacheJCR Text Search WCM Configuration ServiceDB2 Tuning Authoring Environment B U F F E R P O O L S Bufferpool settingsZ / O S T A B L E S P A C E SD B 2 F O R Z / O S V 8 F I X E S TBSBPLOBTBSBPOOL IDXBPOOLCache Manager Service Properties COMPOSITE APPLICATIONS TUNINGComposite Applications Best Practices ∙ Another area to consider regarding teamspace complexity is the number of application roles. For many teamspaces, two roles manager and user are adequate. Don’t create additional roles unless they are really needed Value true CLUSTER TUNINGValue true Application Server TuningHow-To Set Web Server Tuning Table 26 Web Server Tuning for ClustersMaxRequestsPerChild Table 27 WebSphere Session Persistence Tuning Session Persistence To Database TuningSetting Additional DetailsVertical Cluster Tuning Required Fixes IBM Tivoli Directory Server TuningImproving Portal Startup Performance OTHER PERFORMANCE TUNING OPTIONSManaging the Retrieval of User Attributes The two trace strings are content.topology.dynamic=false Use of Dynamic Content FeaturesReal-World Network Considerations Location ~ \.jsgifjpgjpegpng$ BrowserMatch Mozilla/4 gzip-only-text/html# Dont compress images LoadModule headersmodule modules/modheaders.soGeneral Information WEBSPHERE PORTAL CACHESenabled The enabled property determines whether a cache is used or not. If a cache is not enabled, the property has a value of false, then no values are held by the cache and every cache lookup will return a null value. This property should only be modified for testing purposes, never in a production environment. The supported values are true and false and the global default value is true Supported values are true and false. The default values shipped in WebSphere Portal V6.1 should apply to most configurations. If you do not have a cluster there may be a small performance benefit to setting this property to false since a different cache implementation is used. We did not modify the defaults in our single node measurement environments Cache Usage Patterns Cache Instances Figure 1 Portal Access Control Cache Hierarchy com.ibm.wps.ac.PermissionCollectionCachecom.ibm.wps.ac.RolesCache com.ibm.wps.ac.AccessControlUserContextCachecom.ibm.wps.ac.ProtectedResourceCache com.ibm.wps.ac.OwnedResourcesCachecom.ibm.wps.ac.ExternalOIDCache com.ibm.wps.ac.ChildResourcesCache com.ibm.wps.ac.ApplicationRoleOIDCachecom.ibm.wps.ac.ApplicationRoleDescriptorCache com.ibm.wps.puma.DNOIDCache / com.ibm.wps.puma.OIDDNCache com.ibm.wps.ac.ApplicationRolesForPrincipalCachecom.ibm.wps.ac.ContainedRolesCache com.ibm.wps.ac.ApplicationRoleChildrenCachecom.ibm.wps.datastore.pageinstance.OIDCache com.ibm.wps.datastore.services.Identification.OidAndUniqueName.cachecom.ibm.wps.datastore.PortalIdCache.vpPerLpid.cache com.ibm.wps.datastore.PortalIdCache.explicitLpidPerVPcom.ibm.wps.datastore.pageinstance.DerivationCache com.ibm.wps.datastore.pageinstance.DynamicNodeCacheM O D E L com.ibm.wps.model.factory.SimpleCacheKey com.ibm.wps.model.content.impl.ResourceCachecom.ibm.wps.model.factory.ContentModelCache.live com.ibm.wsp.mode.content.impl.TopologyCachecom.ibm.wps.model.factory.URLMappingCache.live com.ibm.wps.model.factory.ContentModelCache.isolatedcom.ibm.wps.model.factory.NavigationSelectionModelCache.live com.ibm.wps.model.factory.NavigationSelectionModelCache.isolatedcom.ibm.wps.model.factory.MultiModelCache.isolated com.ibm.wps.model.content.impl.DynamicLoadCachecom.ibm.wps.model.factory.URLMappingCache.isolated com.ibm.wps.model.factory.MultiModelCache.livewps.mappingurl.LookupCache com.ibm.wps.services.vpmapping.VirtualPortalIDToRealmCachecom.ibm.wps.model.impl.RuntimeClientMap.userAgent2client wps.mappingurl.ContextsCacheW S R P com.ibm.wps.services.vpmapping.VirtualPortalIDToURLCachecom.ibm.wps.services.vpmapping.URLToVirtualPortalIDCache wsrp.cache.portletdescriptionwsrp.cache.portlet.window wsrp.cache.servicedescriptionwsrp.cache.portlet.instance wsrp.cache.producer.userwp.te.transformationAssociationCache wsrp.producer.portletpool.popswsrp.producer.portletpool.ccps processintegration.PendingTasksCacheP O L I C Y com.ibm.wps.policy.services.PolicyCacheManagercom.ibm.wps.policy.services.UserPolicyNodeCacheManager com.lotus.cs.services.directory.ldap.BasicLDAPDirectoryService.servercom.lotus.cs.services.domino.DominoService com.lotus.cs.services.directory.ldap.BasicLDAPDirectoryService.usercom.lotus.cs.services.directory.wmm.WMMDirectoryService com.lotus.cs.services.UserEnvironmentPortletMenuCache com.ibm.wps.services.cache.cachedstate.CachedStateServiceCache.cachewp.xml.configitems com.ibm.wps.pe.portletentityDefault size 2500, default lifetime 3730, usage pattern regular RegistryServicecom.ibm.workplace.searchmenu.helper.SearchMenuCacheHelper Default size 32, default lifetime infinite, usage pattern regularExample Scenarios Now we shall consider some recommendations for specific scenarios We increased the lifetimes of all caches to at least one hour com.ibm.wps.datastore.pageinstance.OIDCache WCM Cache Instances WEB CONTENT MANAGEMENT CACHESservices/cache/iwk/strategy - WCM Item caching services/cache/iwk/objectsummary - WCM Summaryservices/cache/iwk/module services/cache/iwk/processing - Advanced and Resour cesservices/cache/iwk/session - Session services/cache/iwk/missed - Missed Items services/cache/iwk/menu - Menuservices/cache/iwk/nav Navigator services/cache/iwk/abspath - Absolute pathuser.cache.enabled=true services/cache/iwk/libparent - Library ParentServices/cache/iwk/draftSummary - Draft Summary User cacheWebSphere Portal Information Center Klaus Nossek Kyung Lee Denny Pichardo, Technical Lead Mark Alkins, ManagerLee Backstrom, Document Coordinator Andrew Citron Nathan Cook Sabine Forkel Uwe Haller Shibi JohnW E BS P HE R E P O R T AL V 6 . 1 T U N I N G G U I D E The following are trademarks of other companies