Secure Global Desktop 4.40 Administration Guide
> Security
> Tuning SSL Daemon ProcessesSecure Global Desktop 4.40 Administration Guide
> Security
> Tuning SSL Daemon Processes
The Secure Sockets Layer (SSL) Daemon is the SGD component that handles secure connections between clients and the SGD server.
The SSL Daemon displays as the ttassl processes on the SGD host.
By default, the SSL Daemon listens on TCP port 5307 for Adaptive Internet Protocol (AIP) traffic that has been encrypted with SSL. However, if you are running SGD in firewall forwarding mode, the SSL Daemon listens on port 443 and accepts AIP and HTTPS traffic. In this situation, the Daemon handles the AIP traffic but forwards the HTTPS traffic on to the web server.
Sometimes, the SSL Daemon can fail to handle connections when the load on it is heavy. To avoid this happening, you can tune the SSL Daemon so that it starts new processes to handle the increased connection load.
You might also want to tune the SSL Daemon if you have a multi-processor server. By tuning the number of SSL Daemon processes to the number of processors, you might be able to improve the connection performance.
You tune SSL Daemon processes with the tarantella config edit command and the command options shown in the following table.
| Option | Description |
|---|---|
--tarantella-config-ssldaemon-minprocesses
|
The number of SSL Daemon processes that start when SGD security services are started. The default is 1. |
--tarantella-config-ssldaemon-maxprocesses
|
The maximum number of SSL Daemon processes that can be started. The default is 1. |
--tarantella-config-ssldaemon-maxrestarts
|
If the SSL Daemon unexpectedly exits, the maximum number of times it tries to restart
before failing completely. The default is 10. |
--tarantella-config-ssldaemon-logfilter
|
A comma separated list of filters used to filter the log output from the SSL Daemon. The default is ssldaemon/*/*error,multi/daemon/*error:sslmulti%%PID%%.log. |
SSL Daemon tuning is specific to each SGD server. You have to tune each server individually. After tuning the SSL Daemon, you must restart the SGD server for any changes to take effect.
In a default installation, only one SSL Daemon process starts when security services are started and, as the load increases, no further processes are started.
Increasing the maxprocesses allows the SSL Daemon to start new processes when it gets overloaded.
Once started, all SSL Daemon processes continue to run, even if the load reduces.
If you find you regularly need multiple SSL Daemon processes, it might be worth increasing the minprocesses.
The filters you use for the log output have the same format as the ones used for the SGD server. The same severity and destination file options can be used.
By default, all errors are logged to the /opt/tarantella/var/log directory.
Copyright © 1997-2007 Sun Microsystems, Inc. All rights reserved.