KB Article #178443
SecureTransport Tuning
Problem
There are many configuration parameters that can be adjusted in SecureTransport and they are spread among many files as well as stored in the DB.
This article aims to help with tuning SecureTransport and finding the necessary place to apply a configuration change.
It's important to keep in mind that tuning is a constantly evolving process in which you establish a set of baselines and optimal settings through repetitive testing and evaluation. There is no definitive guide or magic set of options; you are responsible for evaluating performance, making incremental changes and re-evaluating until you reach your goals.
Resolution
- Memory tuning
- Database tuning
- Transaction Manager Tuning
- FTP Server Tuning
- HTTP Server Tuning
- SSH Server Tuning
- AS2 Server Tuning
- PeSIT Server Tuning
- SOCKS Proxy Tuning
1. Memory tuning
All protocol daemons have a minimum and a maximum Heap Size value defined by the JAVA_MEM_MIN and JAVA_MEM_MAX parameters. The configuration options are available in the startup scripts located in the $FILEDRIVEHOME/bin folder.
Note: Starting with SecureTransport 5.5, there is a global configuration file that lets you set the JAVA_MEM_MIN, JAVA_MEM_MAX, and JAVA_OPTS parameters for the start scripts. The file is named STStartScriptsConfig and is located in the $FILEDRIVEHOME/conf folder.
Additional details on this file and its configuration can be found in the Admin Guide, Advanced protocol server configuration section, available in our Docs portal.
WARNING: The actual memory usage of a given daemon can exceed the value defined for Max Heap Size. This is due to the way a JVM works, so be careful not to exhaust the RAM available on a given server.
start_admin
When tuning the memory for the Admin Service, take into consideration how many administrators will be using the service at a given time.
Also consider the types of administrators: Full or Delegated. Delegated administrators consume more memory when doing File Tracking searches (one of the most memory-consuming operations).
Example values that would cover most use cases:
JAVA_MEM_MIN="1G" JAVA_MEM_MAX="2G"
start_as2d
Example values that would cover most use cases:
JAVA_MEM_MIN="512M" JAVA_MEM_MAX="1G"
start_ftpd
Example values that would cover most use cases:
JAVA_MEM_MIN="512M" JAVA_MEM_MAX="1G"
start_httpd
Example values that would cover most use cases:
JAVA_MEM_MIN="512M" JAVA_MEM_MAX="1G"
start_pesitd
Example values that would cover most use cases:
JAVA_MEM_MIN="1G" JAVA_MEM_MAX="2G"
start_sshd
Example values that would cover most use cases:
JAVA_MEM_MIN="1G" JAVA_MEM_MAX="4G"
There are additional options for the startup script, discussed in the SSH Server Tuning chapter.
start_socks
Example values that would cover most use cases:
JAVA_MEM_MIN="512M" JAVA_MEM_MAX="1G"
start_tm_console
Example values that would cover most use cases:
JAVA_MEM_MIN="2G" JAVA_MEM_MAX="4G"
WARNING: These are example values that would work in most use cases. Given the nature of SecureTransport, one cannot easily determine how much memory will be needed on a given environment. After performing an initial tuning, it is recommended to monitor the actual usage of any protocol of interest and then adjust accordingly.
More information on monitoring JVM memory: KB 176359
2. Database tuning
c3p0 in configuration.xml
The configuration changes are to be made to the hibernate.c3p0.min_size and hibernate.c3p0.max_size parameters for each component.
When running ST on MySQL DB:
DB Component | Min Value | Max Value |
---|---|---|
AdminComponent | 20 | 50 |
AS2Component | 50 | 100 |
FTPDComponent | 50 | 100 |
HTTPDComponent | 50 | 100 |
PesitComponent | 50 | 100 |
ServerLogComponent | 50 | 150 |
SSHDComponent | 50 | 100 |
TransactionManagerComponent | 50 | 150 |
TransferLogComponent | 50 | 150 |
When running ST on Oracle DB:
DB Component | Min Value | Max Value |
---|---|---|
AdminComponent | 1 | 50 |
AS2Component | 1 | 50 |
FTPDComponent | 1 | 50 |
HTTPDComponent | 1 | 50 |
PesitComponent | 1 | 50 |
ServerLogComponent | 1 | 50 |
SSHDComponent | 1 | 50 |
TransactionManagerComponent | 10 | 50 |
TransferLogComponent | 1 | 50 |
When running ST on MSSQL DB:
DB Component | Min Value | Max Value |
---|---|---|
AdminComponent | 20 | 50 |
AS2Component | 50 | 100 |
FTPDComponent | 50 | 100 |
HTTPDComponent | 50 | 100 |
PesitComponent | 50 | 100 |
ServerLogComponent | 50 | 150 |
SSHDComponent | 50 | 100 |
TransactionManagerComponent | 50 | 250 |
TransferLogComponent | 50 | 150 |
Embedded MySQL
Changes are to be made to $FILEDRIVEHOME/conf/mysql.conf
Max Connections
The maximum number of connections the DB can accept. Suggested value is the sum of all required connections per daemon + 300 (system).
max_connections=1300
Table Cache
Suggested value is N * max_connections, where N is the maximum number of tables per join in any of the queries which you execute. Suggested N=5.
table_open_cache=6500
WARNING: Approximately 6.5 GB of memory will be pre-allocated during startup!
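With the MySQL pool sizes from the c3p0 table above, the two formulas give exactly the 1300 and 6500 shown, so the same calculation can flag a mysql.conf that was not updated after a pool was enlarged. This is an added example, not Axway code; it assumes that "required connections per daemon" means each component's hibernate.c3p0.max_size, and the function names are illustrative.

```python
# Added example (not Axway code). Pool sizes are the MySQL rows of this
# article's c3p0 table; treating max_size as the "required connections per
# daemon" is an assumption.
C3P0_MAX_SIZE = {
    "AdminComponent": 50, "AS2Component": 100, "FTPDComponent": 100,
    "HTTPDComponent": 100, "PesitComponent": 100, "ServerLogComponent": 150,
    "SSHDComponent": 100, "TransactionManagerComponent": 150,
    "TransferLogComponent": 150,
}
SYSTEM_RESERVE = 300   # the "+ 300 (system)" term from the article
TABLES_PER_JOIN = 5    # the article's suggested N


def required_limits(pool_max, reserve=SYSTEM_RESERVE, n=TABLES_PER_JOIN):
    """Apply the article's two formulas to a set of pool maximums."""
    max_connections = sum(pool_max.values()) + reserve
    return {"max_connections": max_connections,
            "table_open_cache": n * max_connections}


def parse_mysql_conf(text):
    """Return name -> int for the purely numeric name=value lines."""
    values = {}
    for line in text.splitlines():
        name, sep, value = line.split("#", 1)[0].partition("=")
        if sep and value.strip().isdigit():
            values[name.strip()] = int(value.strip())
    return values


def check_mysql_conf(conf_text, pool_max):
    """List (setting, configured, required) for every limit that is too low."""
    configured = parse_mysql_conf(conf_text)
    return [(name, configured.get(name), need)
            for name, need in required_limits(pool_max).items()
            if configured.get(name, 0) < need]


# Constructed sample: the values shown in this article.
SAMPLE_CONF = """\
max_connections=1300
table_open_cache=6500
query_cache_size=32M
"""

if __name__ == "__main__":
    print(required_limits(C3P0_MAX_SIZE))
    print(check_mysql_conf(SAMPLE_CONF, C3P0_MAX_SIZE))
    # One pool raised to 250 without touching mysql.conf:
    grown = dict(C3P0_MAX_SIZE, TransactionManagerComponent=250)
    print(check_mysql_conf(SAMPLE_CONF, grown))
```
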
Innodb Log Size
The size in bytes of the buffer that InnoDB uses to write to the log files on disk. The default value changed from 8MB to 16MB with the introduction of 32k and 64k innodb_page_size values. A large log buffer enables large transactions to run without the need to write the log to disk before the transactions commit. Thus, if you have transactions that update, insert, or delete many rows, making the log buffer larger saves disk I/O.
innodb_log_buffer_size=1024M
Query Cache Configuration
This line enables the query cache.
NOTE: Must be added to the configuration file.
query_cache_type=1
Query Cache Size
The size of the query cache.
query_cache_size=32M
External Oracle
Information taken from the Installation Guide.
- Redo log groups: 3
- Redo log file size: 500 MB
- Gather optimizer statistics: Weekly or with any 10 percent change in the record count.
- DB_CACHE_SIZE: 1 GB or larger. You should set this as high as possible to improve performance.
- OPEN_CURSORS: at least 1000
- SHARED_POOL_SIZE: 150 MB per node in the cluster
- PROCESSES: 1000 or more
External Microsoft SQL
Information taken from the Installation Guide.
The database must have the READ_COMMITTED_SNAPSHOT option set to ON.
To check if the option is enabled, execute the following query:
SELECT is_read_committed_snapshot_on FROM sys.databases WHERE name = 'yourdatabase'
If it is not set, you can set it by executing the following:
ALTER DATABASE yourdatabase SET READ_COMMITTED_SNAPSHOT ON
3. Transaction Manager Tuning
Disk I/O
The following two properties control buffering: the size of the file I/O buffer and when its content is synced (flushed) to disk.
If you leave the two properties empty, the default buffer size of 32 KB is used and the buffer is flushed once it is full. Decreasing the buffer size causes more I/O operations and eventually decreases performance. Increasing the buffer size can improve performance at the cost of more physical memory (RAM), but the right value depends strongly on the underlying hardware and cannot be chosen without experimenting on that specific hardware.
The option TransactionManager.syncFileToDiskEveryKB provides a mechanism to flush the buffer content to disk before its capacity is reached, allowing ST to use large buffers and flush their content regularly. Increasing this value beyond TransactionManager.fileIOBufferSizeInKB has no impact, while decreasing it causes more I/O operations and correspondingly slower performance.
TransactionManager.fileIOBufferSizeInKB=64
TransactionManager.syncFileToDiskEveryKB=64
Thread Pools - Concurrent users
This setting defines the maximum number of threads that can accept events from the protocol daemons (ftpd, httpd, as2d, sshd). One TM node cannot serve more concurrent users than the value specified here.
TransactionManager.ThreadPools.ThreadPool.EventMonitor.maxThreads=1024
Thread Pools - Processing transfers
Specifies the number of threads that can process non-advanced routing asynchronous events, stored in the database. These include client and server initiated transfers. The value should be equal to or bigger than *.ServerTransfer.maxThreads.
Suggested size is 1.5x to 2x the concurrent users count.
EventQueue.ThreadPools.ThreadPool.maxThreads=1024
Thread Pools - Post-processing files
This setting defines the number of threads allocated for advanced routing post-processing events, stored in the database.
By reducing *.ThreadPool.maxThreads and increasing *.AdvancedRouting.maxThreads you can allocate more resources towards post-processing vs transfers.
Suggested size is equal to EventQueue.ThreadPools.ThreadPool.maxThreads
EventQueue.ThreadPools.AdvancedRouting.maxThreads=1024
Thread Pools - Outbound transfers
This value specifies the maximum number of threads handling server initiated transfers, that is, how many SIT transfers can be processed simultaneously at most. All events that are not persisted in the database are executed from this thread pool. It is recommended to set the same value as for *.EventMonitor.maxThreads.
TransactionManager.ThreadPools.ThreadPool.ServerTransfer.maxThreads=1024
Thread Pools - Rule Engines
RuleEngines are used to evaluate the agent chain for a given event. This setting defines the number of rule engines ST can use concurrently.
TransactionManager.RuleEngine.pool=64
EventQueue - Queue size
Maximum size limit of the Event Queue. Adjusted to accommodate the events generated by both Server-Initiated and Client-Initiated transfers.
EventQueue.SizeLimit.maxQueueSize=10240
EventQueue - Batch size
EventQueue processing batch size. Supported only for Standard Cluster.
EventQueue.maxClusterBatchSize=20
Maximum simultaneous connections to a remote host
Maximum number of concurrent sessions established to any one given partner for Server-Initiated Transfers (SITs), that are not triggered by an Advanced Route.
OutboundConnections.maxConnectionsPerHost=1000
Cluster - mergeTimeout
The timeout to wait for merge. The default timeout is 60000. Supported only for Standard Cluster.
Cluster.mergeTimeout=30000
Cluster - nodeListRefreshTime
How often (in seconds) should the cluster check for new/removed nodes. Requires restart for the new value to take effect. This parameter is supported only for LEC.
Cluster.nodeListRefreshTime=10
Cluster - ThreadPools.ThreadPool.EventQueueMessageProcessing.maxThreads
The maximum number of threads for EventQueueMessageProcessing. Supported only for Standard Cluster.
Cluster.ThreadPools.ThreadPool.EventQueueMessageProcessing.maxThreads=300
Cluster - ThreadPools.ThreadPool.EventQueueMessageProcessing.minThreads
The minimum number of threads for EventQueueMessageProcessing. Supported only for Standard Cluster.
Cluster.ThreadPools.ThreadPool.EventQueueMessageProcessing.minThreads=75
Cluster - ThreadPools.ThreadPool.TransferStatusMessageProcessing.maxThreads
The maximum number of threads for TransferStatusMessageProcessing. Supported only for Standard Cluster.
Cluster.ThreadPools.ThreadPool.TransferStatusMessageProcessing.maxThreads=300
Cluster - ThreadPools.ThreadPool.TransferStatusMessageProcessing.minThreads
The minimum number of threads for TransferStatusMessageProcessing. Supported only for Standard Cluster.
Cluster.ThreadPools.ThreadPool.TransferStatusMessageProcessing.minThreads=75
Cluster - Status.heartbeatTimeout
How long after the last heartbeat a node is considered unresponsive and is removed from the cluster (in seconds). Requires Admin UI and TM restart if changed.
Cluster.Status.heartbeatTimeout=60
4. FTP Server Tuning
DataBufferSize
FTP data connection buffer size. Allocated on every transfer.
Ftp.DataBufferSize=131072
DataTimeout
The number of seconds the server waits to read a block of data from the client, or write a block of data to the client. If not specified, its value is infinity.
Ftp.DataTimeout
ListenBacklog
Set the size of the sockets backlog.
Ftp.ListenBacklog=1024
LoginFailureDelay
Specifies the time in milliseconds by which a client's next login is delayed after an invalid login attempt. Increasing the value can slow down brute force attacks or rogue clients.
Ftp.LoginFailureDelay=500
MaxClients
Set maximum number of concurrent connections. 0 means unlimited.
Ftp.MaxClients=500
ReadBufferSize
Ftpd read buffer size. Parameter is increased to avoid excessive streaming traffic due to fragmentation.
Ftp.ReadBufferSize=131072
ReceiveBufferSize
Ftpd receive buffer size.
Ftp.ReceiveBufferSize=131072
WorkerThreads.maxThreads
The maximum number of worker threads in the FTP daemon used for the processing of the requests.
Ftp.WorkerThreads.maxThreads=1024
5. HTTP Server Tuning
AcceptQueueSize
The number of connection requests that can be queued up before the operating system starts to send rejections.
Http.AcceptQueueSize=10000
Connection MaxIdleTime
The maximum Idle time (in milliseconds) for a connection.
Http.Connection.MaxIdleTime=300000
MaxSimultaneousTransfers
Maximum simultaneous transfers per client.
Http.MaxSimultaneousTransfers=25
Monitor IterationCount
Sets the maximum number of times an HTTP request can drop below the specified minimum bandwidth (see Http.Request.MinBandwidth). If a request drops below the minimum bandwidth more than this number of times, the connection is reset. Default value: 10. Cannot be set to 0. Option is ignored if HTTP request monitor service is disabled.
Http.Monitor.IterationCount=10
Request MinBandwidth
Sets the minimum processing bandwidth for incoming HTTP requests. If an incoming request drops below the specified minimum bandwidth more than a specified number of times (see Http.Monitor.IterationCount), the connection is reset.
Possible values: <number of bytes per second> | 0. Default value is 0. If the value is set to 0, the request monitor service is disabled.
Http.Request.MinBandwidth=0
ThreadPool MaxThreads
HTTP server request thread pool maximum threads.
Http.ThreadPool.MaxThreads=1024
ThreadPool MinThreads
HTTP server request thread pool minimum threads.
Http.ThreadPool.MinThreads=128
ThreadPool ThreadsIdleTimeMillis
How much time (in milliseconds) a thread from the thread pool should stay idle before it's stopped.
Http.ThreadPool.ThreadsIdleTimeMillis=60000
6. SSH Server Tuning
Note that the SSH protocol has additional tuning parameters in each SSH Transfer Site!
max.pta.wait
Specifies the maximum time (in milliseconds) that the SSH server waits before returning a response if the file is currently being processed.
Ssh.max.pta.wait=2000
maxChannels
Maximum channels per client. A single SSH connection may contain multiple channels, all run simultaneously over that connection.
Each channel, in turn, represents the processing of a single service. When you invoke a process on the remote host with Net::SSH, a channel is opened for that invocation, and all input and output relevant to that process is sent through that channel. The connection itself simply manages the packets of all of the channels that it has open.
Ssh.maxChannels=30
maxConnections
Maximum allowed connections to SSHD. Configurable in the SSH Settings page.
Ssh.maxConnections=100
7. AS2 Server Tuning
Receiver.maxContentLength
Maximum file sizes for receiving. The default maximum file size is 50 megabytes, 0 for unlimited. Configurable in the AS2 Settings page in the Admin UI.
As2.Receiver.maxContentLength=200
Sender.maxContentLength
Maximum file sizes for sending. The default maximum file size is 50 megabytes, 0 for unlimited. Configurable in the AS2 Settings page in the Admin UI.
As2.Sender.maxContentLength=200
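Several settings in sections 4, 5 and 7 are documented here as having an unlimited, infinite or disabled value, and those are the ones worth checking after a tuning pass. The following is an added example, not Axway code; it assumes the settings have been copied into name=value lines as they are written in this article, and the function names are illustrative.

```python
# Added example (not Axway code). Input is assumed to be name=value lines as
# written in this article; how the settings are exported is left to the reader.

def is_zero(value):
    return value.isdigit() and int(value) == 0

# (setting, value the article implies when it is absent, test, finding)
RULES = [
    ("Ftp.DataTimeout", "", lambda v: v == "",
     "not specified: data reads and writes wait indefinitely"),
    ("Ftp.MaxClients", None, is_zero, "0 means unlimited connections"),
    ("Ftp.LoginFailureDelay", None, is_zero, "no delay after a failed login"),
    ("Http.Request.MinBandwidth", "0", is_zero,
     "request monitor disabled: slow requests are never reset"),
    ("Http.Monitor.IterationCount", None, is_zero, "invalid: cannot be 0"),
    ("As2.Receiver.maxContentLength", None, is_zero, "0 means unlimited size"),
    ("As2.Sender.maxContentLength", None, is_zero, "0 means unlimited size"),
]

def parse_settings(text):
    """Map name -> value; a bare name or an empty value is stored as ''."""
    settings = {}
    for line in text.splitlines():
        name, _, value = line.partition("=")
        if name.strip() and not name.lstrip().startswith("#"):
            settings[name.strip()] = value.strip()
    return settings

def audit(settings):
    """Return (setting, finding) for each rule the settings trigger."""
    findings = []
    for name, when_absent, is_risky, finding in RULES:
        value = settings.get(name) or when_absent
        if value is not None and is_risky(value):
            findings.append((name, finding))
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE = """\
Ftp.DataTimeout
Ftp.MaxClients=500
Ftp.LoginFailureDelay=500
Http.Request.MinBandwidth=0
Http.Monitor.IterationCount=10
As2.Receiver.maxContentLength=0
As2.Sender.maxContentLength=200
"""

if __name__ == "__main__":
    for name, finding in audit(parse_settings(SAMPLE)):
        print(f"{name}: {finding}")
```
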
8. PeSIT Server Tuning
Note that the PeSIT protocol has additional tuning parameters in each PeSIT Transfer Site!
EventQueue.ThreadPools.PESIT.idleTime
How much time (in milliseconds) a thread from the thread pool should stay idle before it's stopped for PeSIT server.
EventQueue.ThreadPools.PESIT.idleTime=60
EventQueue.ThreadPools.PESIT.maxThreads
Maximum number of threads for PeSIT server thread pool.
EventQueue.ThreadPools.PESIT.maxThreads=1024
EventQueue.ThreadPools.PESIT.minThreads
Minimum number of threads for PeSIT server thread pool.
EventQueue.ThreadPools.PESIT.minThreads=128
Pesit.ASCII.recordsInfo.bulk.size
When transferring files over the PeSIT protocol in ASCII mode, SecureTransport counts the number of characters on each line and stores them in memory. When the transfer is finished, this data is stored on the file system. This parameter limits the number of line counters stored in memory (each counter is 4 bytes) before the data gets flushed to file. Increasing this parameter can improve performance but will increase the memory usage by the TM and the PeSIT daemon. Allowed values are greater than or equal to 1024. The default value is 32768.
Pesit.ASCII.recordsInfo.bulk.size=32768
Pesit.Connection.Release.Timeout
PeSIT Connection release timeout. Configurable in the PeSIT Settings page in the Admin UI.
Pesit.Connection.Release.Timeout=60
Pesit.CreateSelect.Timeout
PeSIT CREATE/SELECT timeout. Configurable in the PeSIT Settings page in the Admin UI.
Pesit.CreateSelect.Timeout=300
Pesit.Inactivity.Timeout
PeSIT Protocol inactivity timeout. Configurable in the "PeSIT Settings" page.
Pesit.Inactivity.Timeout=60
Pesit.MaxConnections
PeSIT maximum number of opened connections. The "Maximum Connections Number" parameter determines how many TCP connections can be initiated, regardless of the number of transfers. Configurable in the PeSIT Settings page in the Admin UI.
More information: KB 177257
Pesit.MaxConnections=200
Pesit.MaxSessions
PeSIT maximum number of sessions. The "Maximum Sessions Number" parameter determines how many separate PeSIT transfers can be run simultaneously to you. Configurable in the PeSIT Settings page in the Admin UI.
More information: KB 177257
Pesit.MaxSessions=200
Pesit.Server.pTCP.Buffer.Size
PeSIT server pTCP buffer size in bytes: the size of the buffer collecting data from multiple pTCP connections into one. Does not require restart of PeSIT servers when changed. Takes effect for new transfers after a change.
Set extra large value for – larger than file size. 100 MB = 104857600 bytes.
Pesit.Server.pTCP.Buffer.Size=104857600
Pesit.Server.Socket.Buffer.Size
Socket send/receive buffer size in bytes for PeSIT servers. Corresponds to SO_SNDBUF/SO_RCVBUF settings of TCP layer. Requires restart of PeSIT servers when changed.
Set Receive Buffer size to zero to eliminate socket buffering.
Pesit.Server.Socket.Buffer.Size=0
9. SOCKS Proxy Tuning
Socks.Idle.Timeout
If server-initiated transfers being performed using FTP(S) are passing through the SOCKS5 proxy, increase the value of the Socks.Idle.Timeout server configuration parameter on the SecureTransport Edge from 600000 to 7200000 milliseconds.
Socks.Idle.Timeout=7200000
Server IP (interface)
Specifies the server host for the proxy server. The default value is 0.0.0.0. In other words, configure the interface that faces internally (backends).
OutboundConnections.Proxy.serverHost
Client IP (interface)
Specifies the source address/hostname for outgoing connections established from the Proxy service. Only useful on systems with more than one address. In other words, configure the interface that faces externally (internet)
OutboundConnections.Proxy.clientHost