Chapter 14: Adjust Performance
This section contains the following topics:
Web Agent Cache (see page 181)
Control How Long Resource Enteries Remain Cached (see page 182) Set the Maximum Resource Cache Size (see page 183)
Disable the Resource Cache (see page 184)
Set the Maximum User Session Cache Size (see page 184) Cache Anonymous Users (see page 185)
Accommodate Testing Tools that do not send HOST Headers (see page 186)
Web Agent Cache
The Web Agent stores user session and resource information in cache memory. This technique improves the Web Agent efficiency because the Web Agent does not have to retrieve information from the Policy Server each time a user requests access.
By configuring the cache settings, you can manage how this information is stored. The size of the cache is measured by the number of cache entries. The total number of entries in each cache cannot exceed the maximum cache size specified.
Note: You have to restart the Web Server for changes in the Web Agent cache settings to take effect.
The following guidelines apply to cache management:
■ When a cache is full, new entries replace the least recently used entries.
■ For the resource cache, entries are removed when the value of the ResourceCacheTimeout parameter is reached.
■ For the user session cache, entries are removed based on the session timeout values that you set for each realm.
SiteMinder empties cached resource information when you modify a policy. You can also empty the user and resource caches manually from the Policy Server User Interface.
Note: For more information, see the Policy Server documentation.
182 Web Agent Guide
Control How Long Resource Enteries Remain Cached
You can change the amount of time that resource entries will remain in the cache with the following parameter:
ResourceCacheTimeout
Specifies the number of seconds that resource entries remain in the cache. If a user tries to access a protected resource after the time interval has been exceeded, the Web Agent removes the cached entries and contacts the Policy server.
Default: 600 (10 minutes)
Note: If you change the value of this parameter, you must restart the web server to apply the change.
To change how long the resource entries remain cached, set the ResourceCacheTimeout parameter to the number of seconds you want.
Set the Maximum Resource Cache Size
Chapter 14: Adjust Performance 183
Set the Maximum Resource Cache Size
You can set a maximum on the number of resource cache entries, such as Web pages, that the Web Agent tracks with the following parameter:
MaxResourceCacheSize
Specifies the maximum number of entries that the Web Agent keeps in its resource cache. An entry contains the following information:
■ A Policy Server response about whether a resource is protected
■ Any additional attributes returned with the response
When the maximum is reached, new resource records replace the oldest resource records.
If you set this value to a high number, be sure that sufficient system memory is available.
If you are viewing Web Agent statistics using the OneView Monitor, you may notice that the value shown for the ResourceCacheCount is greater than the value you specified for the MaxResourceCacheSize parameter. This is not an error. The Web Agent uses the MaxResourceCacheSize parameter as a guideline and the values may at times differ because the
MaxResourceCacheSize parameter represents the maximum number of average-sized entries in the resource cache. The actual cache entries are most likely larger or smaller than the pre-determined average size; therefore, the effective maximum number of entries may be more or less than the value specified.
Note: For Web Agents that use shared memory, such as the framework Agents, the cache is pre-allocated to a constant size based on the
MaxResourceCacheSize value and will not grow.
Default: (Domino web servers) 1000
Default: (IIS and Sun Java System web servers) 700 Default: (Apache web servers) 750
To set the maximum resource cache size
1. Set the value of the MaxResourceCacheSize parameter to the maximum number of resources you want.
2. For framework agents, you must restart the web server to apply the change.
The maximum resource cache size is changed.
184 Web Agent Guide
Disable the Resource Cache
If you are protecting an application that uses dynamic, unique URLs, you may want to disable the resource cache. Since the URLs used by the application are unique, then they will not be read from the cache.
To disable the resource cache, change the value of the MaxResourceCacheSize to zero.
Set the Maximum User Session Cache Size
You can set a maximum for the number of users the Agent maintains in the session cache with the following parameter:
MaxSessionCacheSize
Specifies the maximum number of users the Agent maintains in its session cache. The session cache stores the session IDs of users who authenticate successfully. Authenticated users accessing other resources within the realm during a session, are authenticated using the session cache instead of the Policy Server. When the maximum number is reached, the Agent replaces the oldest user records with new user records.
Base the value of this parameter on the number of users that you expect to access and use resources for a sustained period. If you set this value to a high number, verify that sufficient system memory is available.
Note: Regardless of the cache size, all entries in the session cache of the Web Agent expire automatically after one hour.
Default: (Domino web servers) 1000
Default: (IIS and Oracle iPlanet web servers) 700 Default: (Apache web servers) 750
To set a maximum size of the user session cache
1. Set the value of the MaxSessionCacheSize parameter to the maximum number of users you want.
2. For framework agents, you must restart the web server to apply the change.
The maximum user session cache size is changed.
Cache Anonymous Users
Chapter 14: Adjust Performance 185
Cache Anonymous Users
You can configure the Web Agent to store anonymous user information in a cache with the following parameter:
CacheAnonymous
Specifies if the Web Agent caches anonymous user information. You may want to set this parameter in any of the following situations:
■ If your web site gets mostly anonymous users and you want to store their session information.
■ If your web site gets a mix of registered and anonymous users.
You may want to disable this parameter to keep the anonymous user information from filling the cache and leaving no room for registered users.
Default: No
To store anonymous user information in cache, set the value of the CacheAnonymous parameter to yes.
186 Web Agent Guide
Accommodate Testing Tools that do not send HOST Headers
The SiteMinder Web Agent uses the value of the HOST header in an HTTP request to determine the following settings:
■ Agent name
■ Server name
■ Server IP address
SiteMinder Web Agents only accept HTTP version 1.1 requests, because HTTP versions 0.9 and 1.0 do not use HOST headers. This poses problems for some testing tools that do not send HOST headers, because the Web Agent rejects those requests.
SiteMinder r6.0 SP6 supports a new Agent Configuration parameter that lets you define a HOST header value. The Web Agent uses this value in any request that does not contain a HOST header.
To accommodate testing tools that do not send HOST headers 1. Open one of the following items:
■ If you are using Central Configuration, open your Agent Configuration Object.
■ If you are using Local Configuration, open your LocalConfig.conf file.
2. Add the following parameter:
DefaultHostName
Defines a value for the HOST header. Add this parameter to your Agent Configuration Object or LocalConfig.conf file to use a testing or performance tool that sends HTTP version 0.9 or version 1.0 requests (without HOST headers). If this parameter is not set, the Web Agent only accepts HTTP 1.1 requests.
Default: None (blank)
Example: webserver.example.com
3. Set the value of the previous parameter to the host name you want. See the previous example.
4. Save and close one of the following items:
■ If you are using Central Configuration, save and close your Agent Configuration Object.
■ If you are using Local Configuration, save and close your LocalConfig.conf file.
The Web Agent substitutes the DefaultHostName value for any HTTP request without a HOST header.