Not two installations look the same and therefore it is natural that performance configurations differ from setup to setup. This article lines out what actions can be done to adapt Nexus Hybrid Access Gateway for large concurrent usage.
The following usage scenarios are considered below:
USAGE-LOW: 0-100 concurrent users
USAGE-MEDIUM: 101-1000 concurrent users
USAGE-HIGH: 1001-5000 concurrent users
USAGE-HIGHER: 5000- concurrent users
The memory impact for a single user might differ greatly between systems depending on the use case. Some back-end resources are a lot heavier on the Hybrid Access Gateway than others, and different usage scenarios (e.g. Access Client, Ericom, etc.) might put different load on the system. If it is noted that the system is slow in response or that Out-of-memory can be seen in the logs it is suggested to select a higher usage level even if the amount of users does not imply this.
Given the usage scenarios, configure the memory limits according to the following table.
In the default state, a Hybrid Access Gateway appliance has 3072 MB memory designated to it.
If there are more than ten individual services in the Hybrid Access Gateway network add the following memory amount to the above figures.
USAGE-LOW, USAGE-MEDIUM, USAGE-HIGH
In the sum of max memory, there must be space for the Operative System and the Access point (if configured on the same server). The Access Point can consume up to 1024 MB memory.
Each of the java services, that is, Administration service, Authentication service, Distribution service, and Policy service, has two limits that decide how much memory can be used by that particular process and how much initial memory should be addressed.
To change the memory limits for the java services:
- Start a shell and authenticate towards the appliance containing the service, using for example putty or ssh.
- In the menu select exit to bash.
- Elevate the prompt using
sudobash or similar.
- For each of the services that need to be configured, repeat steps 5-12.
- Type at the prompt:
- Inspect the result and see if a file called
customize.confis listed. If so, continue to step 8.
- Copy the template file. Type at the prompt:
cp customize-template.conf customize.conf
- Change permissions of the file so it can be read by the Authentication service:
chown pwuser:pwuser customize.conf
- Edit the new file using a file editor of choice. Below vi is assumed.
Type at the prompt:
- Replace the values for
with the values from the table for this service, see the recommended memory limits above.
- Save the file
- Restart the service
At the prompt:
- Verify in
/opt/nexus/<service>/logs/system.logthat the service starts as it should.
At the prompt:
If it is decided that the system requires more memory than what is available to the appliance (i.e. VMware or Hyper-V instance), configure more memory for the appliance in Hyper-V or VMware management.
The Access point performance settings are in the Administration interface. To update the Access point performance settings:
- Log into the administration service with an administrator account.
Go to Access Points > Global Access Point Settings and configure the settings accordingly:
Size of socket listening backlog
*To configure a higher value than 700, Hybrid Access Gateway 5.10.0 or higher must be used.
If the system uses many Tunnel connections, that is, Access Client users, raise the max number of Tunnel Connections accordingly. The max number of Tunnel Connections is the number of concurrent users multiplied by average number of tunnels per user. Also add space to accomodate for usage peaks.
If it is noted that systems with heavy usage still suffers from performance issues after these tweakings it is suggested to expand the system to balance the load on several nodes. That is, add more Access Point Nodes and Policy Server Nodes for the access and if needed more Authentication Servers also.