000021350 - TCP No Delay configurability for RSA ClearTrust Entitlements Server

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021350
Applies ToRSA ClearTrust 5.5.2 Entitlements Server (EServer)
Microsoft Windows 2000 SP4
IssueTCP No Delay configurability for RSA ClearTrust Entitlements Server
CauseRFE description - In distributed Windows environments where Java Admin API-based clients are not co-located with the RSA ClearTrust EServer, certain types of queries can take much longer (100% or greater) to complete than if executed in a vertical environment. The symptoms appear to be Windows-specific, and does not occur in Solaris environments. In the tested scenario, a user's explicit entitlements were queried, and for each entitlement, the application URI's name was retrieved. There are indications that Winsock issues regarding the Nagle algorithm and TCP no delay may be at work. This reduced level of performance is undesirable; it would be useful for the EServer to have to have the configurability to control TCP no delay, as is currently available with the AServer.
ResolutionThis issue is referenced as defect tst00039396, and is resolved in hot fix for RSA ClearTrust Servers. Contact RSA Security Customer Support to request this hot fix, or request the latest fix level (which is cumulative, and contains fixes from previous fix levels). Within the eserver.conf file, add the following parameter:

# This optional parameter controls the TCP_NODELAY setting for connections
# between the Entitlements Server and clients. Setting this value to true
# usually results in improved performance. If you know that your particular
# network environment works better with the delay then set this value to false.
# Allowed Values:
#   True | False
# Default Value:
#   True
Legacy Article IDa22531