IBM Support

JVM Tuning for LDAP connection Pooling

Troubleshooting


Problem

Slow response time to logon to Workplace application when Content Engine 4.x configured for SSL.

Resolving The Problem


This performance issue was identified on the following configurations:

- JBoss Application Server 4.0.5
- Active Directory 2003
- P8 Content Engine 4.0.1
- P8 Application Engine 4.0.1
- Content Engine and Active Directory transport configured for SSL.

Both Content Engine and J2EE Application Server use JNDI to communicate with the Directory Service. JNDI comes with LDAP connection pool features which help improve performance. By default, SSL connections to LDAP servers are not pooled in the Application Server JVM and you need to manually enable this feature by adding JNDI system properties.

The following procedure describes how to enable LDAP connection pooling on the Application Server.

A. JBoss Application Server:

1. Stop JBoss.

2. Open run.bat (Windows) or run.sh (UNIX/Linux) from <JBoss_HOME>/bin folder.

3. Add the following system properties to the JAVA_OPTS variable:

-Dcom.sun.jndi.ldap.connect.pool.timeout=300000
"-Dcom.sun.jndi.ldap.connect.pool.protocol=plain ssl"

On UNIX/Linux platforms, you need to use escape characters for double quotes and need to put the JAVA_OPTS variable in double quotes when launching Java.
(For bash shell, you can use backslash (\) to escape double quotes.)

4. Save the changes and restart the application server.

B. Oracle WebLogic Server:

1. Stop WebLogic Server.

2. Open startWebLogic.cmd (Windows) or startWebLogic.sh (UNIX/Linux) from <WebLogic_home>\user_projects\domains\<domain>\bin folder.

3. Add the following system properties to the JAVA_OPTS variable:

-Dcom.sun.jndi.ldap.connect.pool.timeout=300000
"-Dcom.sun.jndi.ldap.connect.pool.protocol=plain ssl"

On UNIX/Linux platforms, you need to use escape characters for double quotes and need to put the JAVA_OPTS variable in double quotes when launching Java.
(For bash shell, you can use backslash (\) to escape double quotes.)

4. Save the changes and restart the application server.


C. WebSphere Application Server:

1. Login to WebSphere Integrated Solutions Console.

2. Click Server > Application Servers > <server> > Server Infrastructure > Java and Process Management > process definition > Java Virtual Machine

3. In the generic JVM arguments field, add the following (all entries on one line separated by a space).

-Dcom.sun.jndi.ldap.connect.pool.timeout=300000
"-Dcom.sun.jndi.ldap.connect.pool.protocol=plain ssl"

(On a WebSphere cluster environment, this configuration must be implemented on all JVMs that are hosting the Content Engine application.)

4. Save the changes and restart the application server.


Important: The above pooling configuration is a starting point for the P8 system; clients' System Administrators should review the JVM JNDI connection pooling specification and monitor their test and production environment, to adjust the configuration for optimal stability and performance. If the pool maxsize is not used then the pool size is dynamically managed by the JVM pool manager. The idle connection will be used before creating new connections and connections are closed when the idle time expires. Please note that if the connection pool maxsize parameter is set, it has to be able to withstand the peak workload on the Content Engine System without (or with very few) pending requests, otherwise the system could encounter failures including but not limited to application server JVM hang. System administrators could use the netstat command, the Directory Server access log, or their preferred tool to monitor LDAP connection and other system resource usage to adjust the connection pool configuration as needed.


The connection pool timeout has to be less than the Directory Server idle connection timeout. Refer Directory Server documentaton to find out the idle connection timeout. If the load balancer is used to load balance Directory Servers then the JNDI connection pool timeout must be less than the load balancer idle connection timeout.

The JNDI connection pooling is managed by the JVM. Visit the following link for more information on JNDI connection pooling:

http://java.sun.com/products/jndi/tutorial/ldap/connect/config.html
 

[{"Product":{"code":"SSNVNV","label":"FileNet Content Manager"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Content Engine","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"4.5;4.0.1","Edition":"All Editions","Line of Business":{"code":"LOB15","label":"Integration"}}]

Document Information

Modified date:
17 February 2021

UID

swg21358588