Managing Server Load
There are a few ways to ensure servers aren’t overworked. The server will by default not handle more than 1 request per second. There is an option to postpone the user requests by a random time period.
Controlling the server-side load
As the enforcement client adds a significant amount of load, especially when the client initially is introduced, some parameters are available for controlling the load amount on the server caused by the Enforcement Client. By default, the settings are disabled, meaning that the server will handle all requests. This is normally not a problem with environments hosting less than 20.000 users.
- HKLM\SOFTWARE\FastPassCorp\Password Manager
- OpenService_AlwaysHandleRequest_GetUserInformation = False (Default false)
- The defaults for throttling are: OpenService_MaximumRequestCountSecond_GetUserInformation=1
- OpenService_MaximumRequestCountHour_GetUserInformation =3660
These can be changed by creating the values in the registry and setting them to the desired values. When the server rejects a request, a warning note in the log is made: eg. “Rejecting to serve the ‘GetUserInformation’ request as one or more maximum counters has been reached.”
These settings will limit the Enforcement client requests (If a user tries to enroll, that operation will not be affected). If 2 clients request status information at the same time, one user will be told to try again later (default 2hours). The same applies for the per minute and hour settings above. The client itself will be silent and not trouble the user in that instance. The client will instead wait for 6 hour before retrying. These settings should be considered with regards to the number of users and hardware setup.
Distributing client-side requests
In the Enrollment Enforcement Client config file, the following has been added in version 3.6
<?xml version="1.0" encoding="utf-8" ?>
- DefaultCheckInterval (Minutes) – determines the duration MyPass will wait when a connection fails in minutes
- PostPonedCheckinterval (Minutes) – determines the duration MyPass will wait when a connection fails in minutes, if the connection to MyPass fails after the Postpone has ended.
- StartupDelay (Seconds) – is the duration the client will wait before attempting anything
- MinimumRandomTimingVariance and MaximumRandomTimingVariance (Seconds) – allows thr system to wait a random number of minutes until attempting to re-connect to the server. This random time is between Minimum and Maximum value – hence if the Minimum value is set to 60, the system will wait at least 60 seconds before attempting to reconnect
- MinimumRandomTimingVarianceAfterPostpone and MaximumRandomTimingVarianceAfterPostpone (Seconds) – allows to system to wait a random amount of minutes until attempting to revonnect to the server after a Postpone period has ended. The random time is between Minimum and Maximum value – hence if the Minimum value is set to 60, the system will wait at least 60 seconds before attempting tp reconnect.
Silencing the client
When deploying the client in an environment where the server is already in operation, it will be necessary to control the operation of all clients in a specific period of time. In the meanwhile, you still want the Enrollment Service to work. To ensure this happens, you can disable the Enforcement Client on the server in the administration client under Enrollment Service>Enforcement Settings