Great info John and my head hurts now too... :o) I understand fully the dynamics and differences in environments, usage, etc. I know what we have is not fully optimized and we need to look at all of those options but we need something that is at least stable in the interim. I've already made a few tweaks and hope we can get access to the document referenced in the other message for further recommendations. I'm not at liberty to use anything I want (Government Environment) so our optimization opportunities are limited with what we're allowed to install.
We used the 7.5 P6 installer so 5.5.28 is what that installed. Not sure how often that is updated either. Thanks again, Craig Carter Information Technology Manager, RSP -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of John Baker Sent: Wednesday, December 01, 2010 2:32 AM To: [email protected] Subject: Current Stable Tomcat/Java Versions/Settings David makes an important point. Tomcat 5.5.28 is over 14 months old, and 6.0.18 is over two years old. Off hand, I don't know what version BMC ship with AR System but I'd hope it was the latest, as minor version increments often include important security bug fixes. I also believe it's difficult to come up with a set of 'default settings' for Tomcat/Apache as it's often something derived on a case by case basis - infrastructure is as important as usage. For example, Apache 2.2 is often configured to use mod_prefork instead of mod_worker. The difference is that mod_perfork spawns separate processes to deal with requests, where as mod_worker uses threads. I've run a simple load test (using http_load) against Apache 2.2 and JBoss (which is Tomcat, as far as this discussion is concerned), and discovered that Tomcat will serve twice as many requests with mod_worker. Setting up Apache to use mod_worker was easy, but that was because my distribution (Redhat El 5.4) made it easy. However, my test was not against the Midtier application but a simple web application that served a simple JSP. Midtier has the added (not insignificant) complication of an AR System back end; there's no point in optimising your web platform if AR System is incapable of dealing with the load, hence one needs to look at that too. Perhaps the following pointers may help? * Apache There's no point simply listing my configuration as it isn't for you, but you need to look at this section in httpd.conf (the default for Apache 2.2 deployed on Redhat EL 5.4): <IfModule worker.c> StartServers 2 MaxClients 150 MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 MaxRequestsPerChild 0 </IfModule> MaxClients set to 150 is a little low for a high user base; you may want to consider 1000, and setting ServerLimit to 50. You can find the documentation here (http://httpd.apache.org/docs/2.2/mod/worker.html) and that's a great resource. Also, the KeepAlive setting is switched off by default in this deployment so you may want to switch it on (see the keepalive setting in mod_jk below too). * mod_jk Now let's consider mod_jk, the default options aren't helpful, and here are some suggestions which turns on keepalive, sets the connection and reply timeout to 5s, with 3s timeouts on two other properties that are best described in the docuemntation. worker.basic.socket_keepalive=1 worker.basic.socket_connect_timeout=5000 # Prefer specific properties to ping_timeout #worker.basic.ping_timeout=1000 worker.basic.connect_timeout=3000 worker.basic.prepost_timeout=3000 worker.basic.reply_timeout=5000 worker.basic.ping_mode=A worker.basic.connection_pool_timeout=5 Again, the documentation is here (http://tomcat.apache.org/connectors-doc/reference/workers.html) and it's worth a read. * Tomcat I can't comment on each Tomcat build but most don't seem to have the AJP connector setup, and if you've customised Apache/mod_jk then you'd need to review the connector. It can be found in the server.xml file: <Connector protocol="AJP/1.3" port="8009" address="..." redirectPort="8443" connectionTimeout="5000" keepAliveTimeout="10000" maxThreads="100"/> Again, more options! According to the docs, connectionTimeout (in milliseconds) needs to be set to the mod_jk connection_pool_timeout value (helpfully defined in seconds). I had heard a rumour that it isn't required for mod_worker, but I can't confirm this to be true. My keepAliveTimeout is set to 10s for reasons related to reverse proxies upstream, but I've included it for consideration. * Summary So where does this leave us? Well, my head is hurting thinking about this topic because there are so many options to optimise an Apache/Tomcat deployment before we've even considered load balancers, AR System, the database, etc., and this hasn't covered IIS (but I'd recommend Apache for large busy deployments). We also haven't mentioned mod_cluster (www.jboss.org/mod_cluster), which is the replacement for mod_jk (as mod_jk is about a decade old). The challenge for BMC is that they provide great ITSM solutions, but tuning Apache/Tomcat/JBoss/Weblogic/SSO/etc. is not in scope with the core business. As David points out, Tomcat is delivered for convenience, and in many cases it's perfectly sufficient, but it's not optimised for your environment and it's very difficult to provide a set of recommended options given the large amount of external factors. I hope the references above are a helpful starting point in your research. John -- Single Sign On for AR System http://www.javasystemsolutions.com/jss/ssoplugin _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
