Previous Topic: How to Allow the NTC to Encode URLs During Redirects to Protected ResourcesNext Topic: Using Credential Collectors Between 4.x Type and Newer Type Agents


Tune the Performance of the FCC

You can configure any of the following settings to help improve the performance of your credential collectors:

Disable FCC Realm Context Confirmation to Improve Performance

During forms authentication, the Web Agent makes an IsProtected call to the Policy Server to determine if the requested resource is protected. After this first call, the Web Agent typically makes an additional IsProtected call to the Policy Server. This second call establishes a realm context so that the Web Agent can log a user in with an FCC to access a protected resource. You can control whether the Web Agent makes this additional call using the following parameter:

FCCForceIsProtected

Specifies whether the Web Agent makes an additional IsProtected call to the Policy Server to establish a realm context so that the Web Agent can log a user in to access a protected resource.

When this parameter is set to no, the Web Agent uses the realm information obtained from its initial IsProtected call to the Policy Server instead.

Default: Yes

To improve performance by disabling the FCC realm context confirmation, set the value of the FCCForceIsProtected parameter to no.

Forms Cache

The forms cache stores form template data. Storing template data improves performance because the agent no longer reads the .fcc files multiple times for the same data. When a resource with an FCC extension is accessed, the FCC reads and processes the corresponding template file. An agent performs hundreds of these read operations each second.

The form cache relieves the FCC by storing form template files in memory where they can be read easily. Because virtual memory access is faster than disk access, allowing FCC components to process forms more quickly with reduced strain on the host server.

The improved processing time increases the capacity of the FCC for serving requests for each web server. Forms authentication becomes more efficient.

Form Cache Data

The data stored in the form cache consists of the form template text, which is parsed beforehand into data structures. These data structures optimize FCC processing.

These data structures include:

Directives, functions, and variables are processed from the top of the FCC file down.

Configure the Form Cache

Forms can be cached to improve performance and reduce unnecessary network traffic. You can control the settings of form cache with the following parameters:

EnableFormCache

Controls the forms template cache. Setting this parameter to yes, improves the performance of forms authentication. To disable the cache, set this parameter to no.

Default: Yes

FormCacheTimeout

Specifies the number of seconds that an object may reside in cache before being considered invalid. When the timeout interval expires, the date and time of the form template file is compared against the time that the cache object was created. If the object in the cache is stored more recently than the file on disk, the timeout is reset for another interval. Otherwise, the object is removed from the cache.

Default: 600

Follow these steps:

  1. Set the value of the EnableFormCache parameter to yes.
  2. If you want to change the timeout interval for the form cache, set the value of the FormCacheTimeout value to the number of seconds you want.

    The form cache is configured.

Specify an NTLM Credential Collector

The NTLM credential collector (NTC) is an application within the Web Agent. The NTC collects NT credentials for resources that the Windows authentication scheme protects. This scheme applies to resources on an IIS web server that are accessed by Internet Explorer browsers.

Each credential collector has an associated MIME type. For IIS, the NTC MIME TYPE is defined in the following parameter:

NTCExt

Specifies the MIME type that is associated with the NTLM credential collector. This collector gathers NT credentials for resources that the Windows authentication scheme protects. This scheme applies to resources on IIS web servers that only Internet Explorer browser users access.

You can have multiple extensions in this parameter. If you are using an Agent Configuration Object, select the multivalue option. If you are using a local configuration file, separate each extension with a comma.

Default: .ntc

If your environment already uses the default extension that the NTCExt parameter specifies, you can specify a different MIME type.

To change the extension that triggers the credential collector, add a different file extension to the NTCExt parameter.