Performance configuration
You can tweak the performance of OneSpan Authentication Server by modifying various performance settings:
- Worker threads
- Maximum storage database connections
- Maximum audit database connections
- TCP listen backlog queue size
For recommendations about configuring worker threads, maximum database connections, and maximum audit database connections, refer to the OneSpan Authentication Server Performance and Deployment Guide.
Worker threads
You can configure the number of worker threads via the OneSpan Authentication Server configuration file, i.e. identikeyconfig.xml.
XPath: //VASCO/Task-Manager/Max-Workers/@data
The default value is 30.
<VASCO>
<Task-Manager>
<Max-Workers type="unsigned" data="30"/>
....
</Task-Manager>
...
Maximum database connections (connection pool)
You can configure the maximum number of ODBC connections to the data source that OneSpan Authentication Server can have open at one time. This prevents too many connections being opened to the database in case of peak load. However, each request uses a connection for its duration, so the number of connections effectively limits the number of requests that can be concurrently executed. It may improve performance to increase this setting, when there are a lot of concurrent requests – provided that the database is able to handle the increased load.
OneSpan Authentication Server always adds two connections required for internal communication to the pool. So the effective maximum number of concurrent database connections is the configured limit plus 2.
You can limit the number of concurrent ODBC data storage connections (connection pool):
-
Across all OneSpan Authentication Server instances. You can set the maximum ODBC connections with the Configuration Utility (via Storage > Advanced Settings > Max. Connections) or the Administration Web Interface (via SYSTEM > Server Configuration > Storage > Max. Connections).
The default value is 30.
-
(OPTIONAL) For single OneSpan Authentication Server instances via the OneSpan Authentication Server configuration file of each instance, i.e. identikeyconfig.xml. The value set in the configuration file takes precedence over the value set in the ODBC database.
XPath: //VASCO/Storage/ODBC/Connection-Max/@data
By default, this value is not set in the configuration file.
<VASCO>
<Storage>
<ODBC>
<Connection-Max type="unsigned" data="30"/>
...
</ODBC>
...
Maximum audit database connections
Similar to the ODBC data storage connection limit, you can limit the number of concurrent connections to the audit database. There are two different modules used for audit database connections.
Audit scenario
This scenario module is used for administrative commands that read audit records, e.g. as required by the User Dashboard to retrieve recent user activity. You can limit the concurrent ODBC database connections (connection pool) for the audit scenario:
-
Across all OneSpan Authentication Server instances via the vdsControl table in the database.
vdsControl.vdsName = audit_connection_max
vdsControl.vdsValue = audit_connection_limit
The default value is 30.
-
(OPTIONAL) For single OneSpan Authentication Server instances via the OneSpan Authentication Server configuration file of each instance, i.e. identikeyconfig.xml. The value set in the configuration file takes precedence over the value set in the ODBC database.
XPath: //VASCO/Scenarios/*/Display-Name[@data="Audit Scenario"]/../Audit/ODBC/Connection-Max/@data
By default, this value is not set in the configuration file.
<VASCO>
<Scenarios>
<ScenarioModule05>
<Display-Name data="Audit Scenario" type="string"/>
<Audit>
<ODBC>
<DSN data="IAS embedded database" type="string"/>
<Connection-Max type="unsigned" data="30"/>
...
</ODBC>
</Audit>
...
ODBC audit plug-in
This module is used by OneSpan Authentication Server to write audit records as it captures events and server activity. It is also used by the audit message cleanup task.
You can limit the number of concurrent connections of the ODBC audit plug-in (connection pool) for each single OneSpan Authentication Server instance via the OneSpan Authentication Server configuration file, i.e. identikeyconfig.xml.
XPath: //VASCO/Audit/Plugins//Type[@data="odbc"]/../Plugincfg/Node-List/Node/PoolSize/@data
The default value is 10.
<VASCO>
<Audit>
<Plugins>
<Profile00>
<Type data="odbc" type="string"/>
<Plugincfg>
<Node-List>
<Node>
<PoolSize type="unsigned" data="10"/>
</Node>
....
TCP listen backlog queue size
The TCP listen backlog queue stores the pending incoming connection requests. It directly determines the rate at which new incoming TCP connections can be accepted. If a new connection should be established but the queue is full, the client connection request will be refused by the server. This can lead to performance and authentication issues during peak load, e.g. when a lot of Digipass Authentication for Windows Logon clients attempt to establish a connect at the same time.
The larger the queue size, the higher the rate at which new TCP connections are accepted on a socket.
You can configure the TCP listen backlog queue size for each single OneSpan Authentication Server instance via the OneSpan Authentication Server configuration file, i.e. identikeyconfig.xml.
XPath: //VASCO/Communicators/SoapCommunicator/Listen-Backlog/@data
By default, this value is not set in the configuration file and the queue size is 10.
<VASCO>
<Communicators>
<SoapCommunicator>
<Listen-Backlog type="unsigned" data="10"/>
...
</SoapCommunicator>
...