The Gluu Server has a stateless architecture and scales quite well out-of-the-box. However, to achieve maximum performance, the following server components must be tuned accordingly:
- Operating System (OS)
- Memory and infrastructure
- Web application container (Jetty, JBoss)
- Gluu Server configurations
The Gluu Server is designed for Linux. Therefore, the following can be tuned as needed:
Most configurations below can be tuned in /etc/security/limits.conf; however, it may depend on the OS.
Increase TCP Buffer Sizes
```
sysctl -w net.core.rmem_max=16777216
sysctl -w net.core.wmem_max=16777216
sysctl -w net.ipv4.tcp_rmem="4096 87380 16777216"
sysctl -w net.ipv4.tcp_wmem="4096 16384 16777216"
```
Increase connection listening size
```
sysctl -w net.core.somaxconn=4096
sysctl -w net.core.netdev_max_backlog=16384
sysctl -w net.ipv4.tcp_max_syn_backlog=8192
sysctl -w net.ipv4.tcp_syncookies=1
```
Increase ports range
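```
sysctl -w net.ipv4.ip_local_port_range="1024 65535"
# net.ipv4.tcp_tw_recycle was removed in Linux 4.12; the key does not exist on newer kernels
sysctl -w net.ipv4.tcp_tw_recycle=1
```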
Increase file descriptors
```
* soft nofile 65536
* hard nofile 262144
```
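The script below is an added example, not part of the Gluu documentation: it reads `sysctl -a` style output and reports which of the sysctl values listed above are missing or set lower than recommended. The function names and the sample input are constructed for illustration; `ip_local_port_range` and `tcp_tw_recycle` are left out because they are not simple minimums.

```bash
#!/usr/bin/env bash
# Added example: report kernel parameters below the values recommended above.

# Minimums taken from the sysctl commands on this page (key=value pairs).
RECOMMENDED="net.core.rmem_max=16777216 net.core.wmem_max=16777216 \
net.ipv4.tcp_rmem=16777216 net.ipv4.tcp_wmem=16777216 \
net.core.somaxconn=4096 net.core.netdev_max_backlog=16384 \
net.ipv4.tcp_max_syn_backlog=8192 net.ipv4.tcp_syncookies=1"

# audit_sysctl [FILE]: read "key = value" lines (sysctl -a format) from FILE
# or stdin and print one finding per parameter that is missing or too low.
# For multi-field values (tcp_rmem, tcp_wmem) the last field, the max, is used.
audit_sysctl() {
  awk -v rec="$RECOMMENDED" '
    BEGIN {
      n = split(rec, pair, " ")
      for (i = 1; i <= n; i++) {
        split(pair[i], kv, "=")
        key[i] = kv[1]; want[kv[1]] = kv[2]
      }
    }
    $2 == "=" && ($1 in want) { have[$1] = $NF }
    END {
      for (i = 1; i <= n; i++) {
        k = key[i]
        if (!(k in have))
          printf "MISSING %s (want >= %s)\n", k, want[k]
        else if (have[k] + 0 < want[k] + 0)
          printf "LOW %s = %s (want >= %s)\n", k, have[k], want[k]
      }
    }' "${1:--}"
}

# Constructed sample input, not captured from a real host.
sample_sysctl() {
  printf 'net.core.rmem_max = 212992\n'
  printf 'net.core.wmem_max = 16777216\n'
  printf 'net.ipv4.tcp_rmem = 4096\t87380\t16777216\n'
  printf 'net.ipv4.tcp_wmem = 4096\t16384\t4194304\n'
  printf 'net.core.somaxconn = 4096\n'
  printf 'net.ipv4.tcp_max_syn_backlog = 8192\n'
  printf 'net.ipv4.tcp_syncookies = 1\n'
}

# Demo on the sample; on a live host use: sysctl -a 2>/dev/null | audit_sysctl
sample_sysctl | audit_sysctl
```

Values set with `sysctl -w` do not survive a reboot, so running the check again after a restart shows whether the settings were also persisted.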
Memory and infrastructure
Make sure there is enough memory for each Gluu Server component (e.g. LDAP, Jetty). For high-load systems, it can be helpful to have each component on a separate machine.
For convenience, all samples are for Gluu OpenDJ. However, these are general recommendations that should apply to other LDAP servers too.
Maximum allowed connections: If there are not enough connections to serve the client, a connection is put "on hold". To avoid delays, provide the expected maximum allowed connections, e.g.:
LDAP Server resources: Make sure to provide enough resources to LDAP. For example, OpenDJ runs on the JVM. For high performance, make sure enough memory is provided via the JVM system properties.
Use cache as much as possible. For example:
```
dsconfig -n set-backend-prop --backend-name userRoot --set db-cache-percent:50
```
Additional LDAP performance resources can be found in the following docs:
By default, Jetty's task queue is unlimited. If load is expected to be high, limit the task queue. Configuration may vary for each particular scenario.
```
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Set name="ThreadPool">
    <New class="org.eclipse.jetty.util.thread.QueuedThreadPool">
      <!-- specify a bounded queue -->
      <Arg>
        <New class="java.util.concurrent.ArrayBlockingQueue">
          <Arg type="int">6000</Arg>
        </New>
      </Arg>
      <Set name="minThreads">10</Set>
      <Set name="maxThreads">200</Set>
      <Set name="detailedDump">false</Set>
    </New>
  </Set>
</Configure>
```
Gluu Server configurations
oxauth-ldap.properties: Increase the LDAP connection pool size, e.g.:
```
maxconnections: 1000
```
Make sure logging is turned OFF. Logging blocks threads and has a significant impact on performance. First test with low load, then test for high load with logging completely off. To turn off logging, in oxTrust navigate to
Configuration -> JSON Configuration -> oxAuth Configuration and set
OFF. Check the log files to confirm logging is off.
Turn off metrics. Gathering metrics also impacts performance. To turn metrics off, in oxTrust navigate to:
Configuration -> JSON Configuration -> oxAuth Configuration, and set