Changing operating system settings

Make changes to the operating system settings before you use IBM® Safer Payments.

  1. Log in as root.
  2. The default number of maximum open file descriptors on CentOS/RHEL systems is 1024 per process for normal users. To verify the limit that is valid for your system, run the following command:
    # cat /proc/sys/fs/file-max
  3. Open the file /etc/security/limits.conf.
  4. If the recommended limit of 16384/32768 is valid for your system, add the following lines:
    SPUser hard nofile 32768
    SPUser soft nofile 16384 
    Where SPUser is the name of the user account that you intend to run IBM Safer Payments under.
  5. To enable IBM Safer Payments to run priority-based thread scheduling, you must also add the following line:
    SPUser - rtprio 20
  6. IBM Safer Payments starts numerous CPU threads for parallel processing of messages and simulations. To ensure that the operating system can handle all threads, you must increase the number of maximum user processes. To do so, also add the following line:
    SPUser - nproc 8192
  7. IBM Safer Payments locks some regions in memory to prevent sensitive data like encryption keys from being swapped to disk. To allow this, ensure that the RLIMIT_MEMLOCK resource limit has at least 16MB. Add the following lines:
    SPUser hard memlock 16384
    SPUser soft memlock 16384 
  8. Summary of necessary changes to /etc/security/limits.conf. In this example, the user name of the process that is running IBM Safer Payments is SPUser.
    SPUser hard nofile 32768
    SPUser soft nofile 16384
    SPUser - rtprio 20 
    SPUser - nproc 8192 
    SPUser hard memlock 16384
    SPUser soft memlock 16384
  9. Save /etc/security/limits.conf and restart.
  10. Verify the new settings (optional). Run:
    ulimit -a

Firewall settings

Before you start IBM Safer Payments, check your firewall settings to allow IP messaging between the cluster instances and other systems.

To change your local firewall settings, use firewall-cmd on RHEL.

For more information about how to secure your operating system, see RHEL 8: Using and configuring Firewalld.