Secure Global Desktop 4.31 Administration Guide > Security > Tuning the SSL Daemon process

Tuning the SSL Daemon process

When you start Secure Global Desktop security services (tarantella security start), the Secure Global Desktop server starts the SSL Daemon. The SSL Daemon is the Secure Global Desktop component that handles secure connections between clients and the Secure Global Desktop server. The SSL Daemon displays as the ttassl process on your system.

By default, the SSL Daemon listens on port 5307 for AIP traffic that has been encrypted with SSL. However, if you are running Secure Global Desktop in firewall forwarding mode, the SSL Daemon listens on port 443 and accepts SSL/AIP and HTTPS traffic. In this situation, the Daemon handles the SSL/AIP traffic but forwards the HTTPS traffic on to the web server.

Sometimes when the load on the SSL Daemon is heavy it can fail to handle connections. To avoid this happening, you can tune the SSL Daemon process so that it starts new processes to handle the increased connection load.

You may also want to tune the SSL Daemon process if you have a multi-processor server. By tuning the number of SSL Daemon processes to the number of processors, you may improve the connection performance.

You tune the SSL Daemon process with the tarantella config edit command and the following command options:

Option	Description
`--tarantella-config-ssldaemon-minprocesses`	The number of SSL Daemon processes that start when security services are started. The default is `1`.
`--tarantella-config-ssldaemon-maxprocesses`	The maximum number of SSL Daemon processes that can be started. The default is `1`.
`--tarantella-config-ssldaemon-maxrestarts`	If the SSL Daemon unexpectedly exits, the maximum number of times it tries to restart before failing completely. The default is `10`.
`--tarantella-config-ssldaemon-logfilter`	A comma separated list of filters used to filter the log output from the SSL Daemon. The default is `ssldaemon//error,multi/daemon/*error:sslmulti%%PID%%.log`.

Note:

This tuning is server-specific; you have to tune each server individually.
You must restart the Secure Global Desktop server (tarantella restart) for any changes to take effect.

How the tuning works

In a default installation, only one SSL Daemon process starts when security services are started and, as the load increases, no further processes are started.

Increasing the maxprocesses allows the SSL Daemon to start new processes when it gets overloaded.

Once started, all SSL Daemon processes continue to run, even if the load reduces.

If you find you regularly need multiple SSL Daemon processes, it may be worth increasing the minprocesses.

If the SSL Daemon fails, either the connections are downgraded to standard connections or the Secure Global Desktop server stops. This is configured on the server's Security properties panel in Array Manager (the If SSL Daemon Doesn't Start attribute).

Logging

The filters you use for the log output have the same format as the ones used for the Secure Global Desktop server. The same severity and destination file options can be used.

By default, all errors are logged to the /opt/tarantella/var/log directory.

Related topics
Securing client connections with Secure Global Desktop security services Security properties (server-specific) Using Secure Global Desktop with the HTTPS port through a firewall Using log filters to troubleshoot problems with the Secure Global Desktop server