000025825 - RSA ClearTrust performance and tuning information

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025825
Applies ToRSA ClearTrust 5.0.1 Authorization Server (AServer)
IssueRSA ClearTrust performance and tuning information
The RSA ClearTrust documentation lacks adequate information on the impact of changing the various Connection Management related parameters in ldap.conf, specifically when attempting to tune ClearTrust to gain performance. Some of the questions include:

1. What is the recommended value that the following:

"cleartrust.data.ldap.directory.<ldap-name>.connection.startconnections", "cleartrust.data.ldap.directory.<ldap-name>.connection.ondemandconnections", "cleartrust.data.ldap.directory.<ldap-name>.connection.maxconnections"

should be for the Auth Server to an LDAP connection pool parameters? Is there some type of equation that can be used based on an average load to calculate these?

2. What are performance-related aspects that should be considered or monitored to determine when the allocated connections are insufficient?
ResolutionA document has been written to aid in understanding the various elements involved in RSA ClearTrust Authorization Server performance and tuning those elements for maximum efficiency. This document is available as a hot fix Contact RSA Security Customer Service and request for hot fix for ClearTrust.


Section 3.3 of the Performance and Tuning guide makes a reference to a parameter:


This parameter is not listed in ldap.conf; the correct name of the parameter is:


Also, make a note of the following excerpt from the release notes for ClearTrust 5.0.1 Servers:

"Defective parameter mapping to ConnectionManagerData.java
Issue Tracking Number: 6405
Description of Problem: An issue with ConnectionManagerData.java causes the Servers to read incorrect values for two parameters in sql.conf or ldap.conf. Specifically, the value of the connection.reclaimconnections parameter is used incorrectly for the other two parameters, connection.keepalive and connection.validate_on_reserve. Because of this bug, validate_on_reserve and connection.keepalive are set to whatever reclaimconnections is set.
Description of Solution: None."
Legacy Article IDa17712