Previous Topic: Configure Web Agents Under Heavy Loads

Next Topic: Increase the Number of Sockets per Port

Sockets Usage

In this section, connections discussed are from the Web Agent to the Policy Server service listening on the default port of 44443. Therefore, if nofiles(descriptors) is set to 1024, that means that the Policy Server service has 1024 file descriptors available.

Netscape / Sun Java Systems web servers are assumed to be configured for the default of single-process mode (MaxProcs set to 1). Sun Java Systems (formerly iPlanet) v6 runs in multi-process mode by default.

Sockets and IIS/Sun Java Systems Web Agents

For Web Agents installed on IIS or Sun Java Systems Web Servers, the MinSocketsPerPort and MaxSocketsPerPort settings, in the host configuration object, determine the minimum and maximum number of sockets that will be open from the Web Agent to the Policy Server. When the Web server, with an installed and enabled SiteMinder Web Agent, starts, the Agent opens the number of sockets specified by the MinSocketsPerPort setting as defined in the host configuration object for the Agent.

As load increases, the number of sockets also increases, up to the number of sockets specified in the MaxSocketsPerPort setting in the host configuration object. If the Web Agent receives more requests than the number specified in MaxSocketsPerPort, then the overflow requests are placed in a queue.

Note: The queue for overflow requests has a limit of 300.

Each request uses a socket, but not all requests open new sockets. If all sockets from the connection pool are in use, then the Agent opens additional sockets as needed. New sockets are opened in groups defined by the number specified in the newsocketstep setting of the host configuration object. The Agent will continue to open new sockets as needed until the maximum limit specified in the MaxSocketsPerPort setting is reached. Only a single request can be executed on a socket, meaning that a socket is utilized until a reply comes back from the Policy Server. Once a request is completed, the socket is placed into a connection pool so that it can be used to service another request.

Once a socket is opened, it will not be closed. Exceptions include communication errors between the Agent and the Policy Server, and the idling out of connections by the Policy Server. Socket(s) will be closed by the Policy Server if they are unused for the length of time specified by the TCP Idle Session Timeout for the associated service (specified in the Policy Server Management Console).

Sockets and Apache Web Agents

Unlike the other Agents, Apache Web Agents do not use connection pooling. Apache is multi-processed and has a drastically different architecture from IIS and iPlanet Web servers, which are multi-threaded. Apache spawns child processes to handle requests, and uses a configuration setting called MaxClients to determine the maximum number of child processes that it will fork to handle load. The number of child processes is managed by Apache settings in the httpd.conf file. Each child process has its own independent socket connection(s) to the Policy Server. When the Apache parent process forks a child, an initial connection is opened to each Policy Server for the default Agent. The total number of sockets opened from an Apache server at maximum will equal the value of MaxClients times the number of trusted hosts.

Note: This connection model may have major implications for the Web Agent to Policy Server ratio (depending on the version of the Policy server being used), as the limiting factor often becomes connections between the agent and Policy Server, rather than the number of transactions per second. Before deploying Web Agents on Apache, it is very important to ensure that the Policy Server can handle the maximum number of connections that may be opened by all Web Agents that connect to it.

More information:

Sample Calculations for Sockets and Maximum Connections


Copyright © 2010 CA. All rights reserved. Email CA about this topic