On Wed, Sep 18, 2013 at 08:46:44AM +0000, Andy Swiffin wrote:
> I'd be interested to hear from people who are running a busy IdP (like foo at
> kent with O365 through it) as to what tuning you applied to Tomcat. Also
> what do the servicedesk advise?
Here at the University of Manchester we recently moved our Live@EDU domain to
Office 365 with federated access via our existing Shibboleth IDP. We already
used the IDP for Blackboard and eResources, and the IDP is fronted by
JASIG-CAS which we use as a SSO layer for a lot of internal web applications.
The CAS server is also co-hosted on the same server as the Shib IDP. Finally,
we front Tomcat with HTTPD.
As a part of federating access to Office 365 we made a series of performance
improvements, largely to handle the additional load generated by ECP traffic.
We:
* Upped the memory limit and thread limit for Tomcat.
* Increased the maxclient limit for HTTPD.
The thread limit for Tomcat we increased when we started to see errors in the
HTTPD error log about connection timeout whilst trying to connect to Tomcat.
The max client limit we increased when we could see that whilst the initial SYN
packets were being recieved from the client host, HTTPD wasn't accepting them.
Which we picked up from the output of netstat -n (lots of SYN_RECVs).
All the best,
Sam Jones.
|