Document toolboxDocument toolbox

Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Adapt Digital Access component for large deployment

Owned by Karolin Hemmingsson (Unlicensed)
Last updated: Feb 23, 2024 by Josefin Klang (Deactivated)
2 min read

This article includes updates for Digital Access 6.3.1.

This article lines out what actions can be done to adapt the Smart ID Digital Access component for large concurrent usage. Not two installations look the same and therefore it is natural that performance configurations differ from setup to setup.

In the docker based Digital Access deployment, all services will automatically use the available amount of memory (RAM) that is available on the host system.

Usage scenarios

The following usage scenarios are considered below:

USAGE-LOW: 0-100 concurrent users

USAGE-MEDIUM: 101-1000 concurrent users

USAGE-HIGH: 1001-5000 concurrent users

USAGE-HIGHER: 5000- concurrent users

The memory impact for a single user might differ greatly between systems depending on the use case. Some back-end resources are a lot heavier on the Digital Access component than others, and different usage scenarios, for example the Access Client in Digital Access, might put different load on the system. If it is noted that the system is slow in response, or that out-of-memory errors can be seen in the logs, it is suggested to select a higher usage level even if the amount of users does not imply this.

Set access point performance

  1. Log into Digital Access Admin with an administrator account.

  2. In Digital Access Admin, go to Manage System.

  3. Click Access Points > Manage Global Access Point Settings and configure the settings accordingly. See the table below.

  4. If the system uses many Tunnel Connections, that is, Access Client users, raise the max number of Tunnel Connections accordingly. The max number of Tunnel Connections is the number of concurrent users multiplied by average number of tunnels per user. Also add space to accommodate for usage peaks.

  5. If it is noted that systems with heavy usage still suffers from performance issues after these tweakings, it is suggested to expand the system to balance the load on several nodes. This means adding more Access Point Nodes and Policy Server Nodes for the access, and if needed, more Authentication Servers also.

Usage scenario

Worker threads

Size of socket listening backlog

Usage scenario

Worker threads

Size of socket listening backlog

USAGE-LOW

200

25

USAGE-MEDIUM

300

35

USAGE-HIGH

500

50

USAGE-HIGHER *

*To configure a higher value than 700, Digital Access component 5.10.0 or higher must be used.

700

75

Java heap space allocation

Usually when there is no specific allocation done, the java heap space is roughly 25% of the available memory for the service.
In larger deployments, sometimes not setting any limit or specific memory to the java heap might result in the out-of-memory error.

How to do java hep space allocation in Digital Access:

  1. Add the following lines in customize.conf:

    wrapper.java.additional.30=-Dworkaround wrapper.java.additional.31=-Xmx2048m

    This will allocate the java heap size to 2GB.

  2. Set the following parameters in customize.conf to print the outcome and to help determine the memory actually allocated along with some other useful information: 

    wrapper.java.additional.32=-XX:+PrintCommandLineFlags wrapper.java.additional.33=-XxshowSettings:vm



Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions