Tuesday, May 10, 2016

Tuning WSO2 API Manager gateway and key manager in distributed deployment.

I have discussed about tuning WSO2 API Manager in previous post as well. But in this article i will list some of the configurations related to distributed deployment when we have gateways and key managers. Please try to add below configurations and see how it help to improve performance.

We may tune synapse configuration by editing /repository/conf/synapse.properties file.
synapse.threads.core=100
synapse.threads.max=250
synapse.threads.keepalive=5
synapse.threads.qlen=1000

Validation interval can be increased to avoid frequent connection validations. As of now it was set to 30000ms.
<testOnBorrow>true</testOnBorrow>

<validationQuery>SELECT 1</validationQuery>
<validationInterval>120000</validationInterval>

Also consider following database tuning parameters as per database administrators recommendation(i have listed sample values we use for performance tests).
<maxWait>60000</maxWait>

<initialSize>20</initialSize>
<maxActive>150</maxActive>
<maxIdle>60</maxIdle>
<minIdle>40</minIdle>


Add following parameters to enable gateway resource and key cache.
<EnableGatewayKeyCache>true</EnableGatewayKeyCache>

<EnableGatewayResourceCache>true</EnableGatewayResourceCache>


For key manager following entry is enough. Since gateway cache is enabled we can disble key manager cache.
But if you have JWT usecase please enable following.
<EnableJWTCache>true</EnableJWTCache>



We need to have HTTP access logs to track incoming out going messages.
But for this deployment if we assume key managers are running in DMZ then no need track http access.
So we may disable http access logs for key manager. We need to consider this parameter case by case and if you don't use http access logs you can consider this option.
Here i assume we are using web service based key validation call from gateway to key manager(not thrift client).

To do that add following entry to /repository/conf/log4j.properties file.
log4j.logger.org.apache.synapse.transport.http.access=OFF

No comments:

Post a Comment