Not two installations look the same and therefore it is natural that performance configurations differ from setup to setup. This article lines out what actions can be done to adapt the Hybrid Access Gateway for large concurrent usage.
The following usage scenarios are considered below:
USAGE-LOW: 0-100 concurrent users
USAGE-MEDIUM: 101-1000 concurrent users
USAGE-HIGH: 1001-5000 concurrent users
USAGE-HIGHER: 5000- concurrent users
The memory impact for a single user might differ greatly between systems depending on the use case. Some back-end resources are a lot heavier on the Hybrid Access Gateway than others, and different usage scenarios (e.g. Access Client, Ericom, etc.) might put different load on the system. If it is noted that the system is slow in response or that Out-of-memory can be seen in the logs it is suggested to select a higher usage level even if the amount of users does not imply this.
Given the usage scenarios, configure the memory limits according to the following table.
In the default state, a Hybrid Access Gateway appliance has 3072 MB memory designated to it.
If there are more than ten individual services in the
Hybrid Access Gateway network add the following
memory amount to the above figures.
USAGE-LOW, USAGE-MEDIUM, USAGE-HIGH
In the sum of max memory, there must be space for the Operative System and the Access Point (if configured on the same server). The Access Point can consume of to 1024 MB memory.
If it is decided that the system requires more memory configuring the services as above more memory must be configured for the appliance in Hyper-V or VMWare management. => As described in Change memory limits? Or does this mean something else?
Each of the java services, that is, Administration Service, Authentication Service, Distribution Service, and Policy Service, has two limits that decide how much memory can be used by that particular process and how much initial memory should be addressed.
To change the memory limits for the java services:
- Start a shell and authenticate towards the appliance containing the service, using for example putty or ssh.
- In the menu select exit to bash.
- Elevate the prompt using
sudobash or similar.
- For each of the services that need to be configured, repeat steps 5-12.
- Type at the prompt:
- Inspect the result and see if a file called
customize.confis listed. If so, continue to step 8.
- Copy the template file. Type at the prompt:
cp customize-template.conf customize.conf
- Edit the new file using a file editor of choice. Below vi is assumed.
Type at the prompt:
- Replace the values for
with the values from the table for this service, see recommended memory limits.
- Save the file
- Restart the service
At the prompt:
- Verify in
/opt/nexus/<service>/logs/system.logthat the service starts as it should.
At the prompt:
The Access point performance settings are in the Administration interface. To update the Access point performance settings:
- Log into the administration service with an administrator account.
Go to Access Points > Global Access Point Settings and configure the settings accordingly:
Size of socket listening backlog
*To configure a higher value than 700, Hybrid Access Gateway 5.10.0 or higher must be used.
If the system uses many Tunnel connections, that is, Access Client users, raise (OK to write this as an imperative?) the max number of Tunnel Connections accordingly. The max number of Tunnel Connections is the number of concurrent users multiplied by average number of tunnels per user. Also add space to accomodate for usage peaks.
If it is noted that systems with heavy usage still suffers from performance issues after these tweakings it is suggested to expand the system to balance the load on several nodes. That is, add more Access Point Nodes and Policy Server Nodes for the access and if needed more Authentication Servers also.