Several tokens in the [seosd] section of the seos.ini file (including GroupidResolution, HostResolution, ServiceResolution, and UseridResolution) control how CA ControlMinder performs name resolution. Setting these tokens appropriately improves performance.
Alternatively, you can create a lookaside database (instead of using system name resolution). To improve performance, select the lookaside database option. Tokens for this feature include the lookaside_path and use_lookaside.
Note: For more information about these tokens, see the seos.ini initialization file in the Reference Guide.
Whenever CA ControlMinder must perform UID to username, GID to groupname, ipaddr to host name, and port to service translations, it may have an impact CA ControlMinder performance. How CA ControlMinder performs these translations depends on the value of certain tokens in the seos.ini file-in particular, the under_NIS_server, use_lookaside, GroupidResolution, HostResolution, ServiceResolution, UseridResolution, and resolve_timeout tokens.
When native operating system mechanisms perform the resolution, the impact on system performance is relatively small. When translating ipaddr to host name, an external mechanism such as DNS must perform the translation. This may result in significant degradation of system performance. This degradation occurs because, while seosd is waiting to receive the host name, all other processes that CA ControlMinder has intercepted must also wait until seosd completes its processing.
Type of Station |
Source |
---|---|
Stand-alone |
Seosd uses the following files for translations;
|
NIS client |
The source of the information varies, depending on the operating system and its version number. The information is usually taken from /etc files and the NIS server. However, in some systems, the /etc files are not the source and the order in which translation is made is changed during system configuration. For instance, in the Solaris 2.x system the file /etc/nsswitch.conf determines the translation order. |
DNS client |
Translation for users, groups, and services is performed using /etc files. Host names are translated by calls to the DNS server and, on some systems, the /etc/hosts file is also read. |
NIS and DNS clients |
The ipaddr to host name translation is performed by DNS. For user, group, and service translations, the translations are performed in the same way as NIS client translations. |
Type of Station |
Source |
---|---|
NIS server |
The server machine usually behaves as both server and client, and consults the NIS server daemon for any type of translation. The files which contain the sources of the NIS resolution maps are usually located in /var/yp, but the location may vary, depending on the site configuration, and the type and version of the operating system. |
DNS server |
The source of the information used for translation depends on the configuration of the site. DNS does not have an option to scan its resolution database; therefore, CA ControlMinder cannot use caching, and must use a lookaside database. You must configure the lookaside database so that the utility sebuildla uses a host list file. For more information, see sebuildla in this chapter. |
all others |
Same as DNS server. |
In versions 2 and higher of CA ControlMinder, seosd can also use the tokens GroupidResolution, HostResolution, ServiceResolution, UseridResolution, and resolve_timeout to control the translation process. For more information about these tokens, see the Reference Guide.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|