?
Solved

Server Side Configuration Tweaks

Posted on 2005-03-01
11
Medium Priority
?
347 Views
Last Modified: 2008-02-26
I've been advised of some good client side tweaks for the Novell Client like turning File Caching off and turning File Commit on, much from reading the likes of commentary from ShineOn and PsiCop.  

One of you good folks mentioned there are some server side configs that could improve performance.  I have a Netware 6.0 SP3 (SP5 very soon) server.  Any recommendations?
0
Comment
Question by:djhath
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 35

Accepted Solution

by:
ShineOn earned 1000 total points
ID: 13432647
First is to apply SP5 of course.

Also check the patches section for post-SP5 patches.

Upgrade your eDirectory to 8.7.3.3 (or whatever the latest interim release is) and plan to upgrade to 8.8 after the first SP for that is out.

Assuming you are using all NSS and no traditional volumes, you should adjust your NSS cache balance to 80-85% - it defaults to 60% for NW6, which was OK for mixed traditional and NSS, but nowadays folx usually use all NSS...

Make sure none of your user data resides on SYS.  Anything that might be on SYS that would generate a lot of transient files should have the directory set for immediate purge.  You do NOT want to let SYS free space get below 10%, and 30% is the minimum that would make me comfortable.

You want to use the set commands to disable client-side caching and level 2 oplocks.

If you run into communications issues, you can tweak some of the settings there.  A common one is to set minimum packet receive buffers to 2000.

If your server gets really tight on free cache memory, you can change the packet size from the defautl to the size Ethernet actually uses.  It won't do much for your traffic, but it will reduce the memory requirements for each packet buffer.

One of the more esoteric oddball tweaks that you rarely see for TCP/IP tuning is Minshall's algorithm.  It's a refinement used in addition to Nagle's algorithm and delayed acks, which were developed to improve response time over a WAN.  Some LANs have problems with turning off delayed ack and Nagle algorithm, which is usually done to improve backup/restore over a LAN, but you do appear to gain some benefit by using Minshall's algorithm.  It is set off by default, while the other 2 are on by default.
0
 
LVL 24

Assisted Solution

by:SunBow
SunBow earned 200 total points
ID: 13432881
Manage your trashcan and pathnames.
Long pathnames take a lot of time, in the overall scheme of things.
Try to limit (in design) of quantity of files and subdirectories with a directory
(that's MS talk)
Managing ram can help, more is better.  More buffers, etc.
For tweaking I think you really need to know topology very well, such as for timing transactions, transmissions, etc., it is possible that some of that is not needed.
Beware of making a tweak that cannot be undone by an upgrade that does not know it is there
0
 
LVL 34

Assisted Solution

by:PsiCop
PsiCop earned 800 total points
ID: 13433522
Actually, if your server has no Traditional/FAT Volumes and only has NSS Volumes, then you should turn OFF CacheBalance and set the Minimum NSS Cache Buffers to be whatever the server is using after a few workdays. See Novell TID #10091980 (http://support.novell.com/cgi-bin/search/searchtid.cgi?/10091980.htm), which describes a known memory fragmentation issue in NetWare v6.x (through v6.5 SP2).

In a nutshell, the *default* Novell Storage Services (NSS) configuration in NetWare is deferential to the needs of older FAT filesystem, even on servers that do not have FAT filesystems. As NSS runs on such a server, if it allocates RAM for NSS disk cache and later decides it does not need a particular allocation, it will "balance" that allocation back to the OS for the needs of FAT filesystem caching. Over an *extended* period of time, this causes memory fragmentation, and as available memory allocations of 4096 bytes (the size of an NSS cache buffer) or larger are exhausted through fragmentation, NSS begins to starve for memory. The server may have adequate RAM, but its broken up into chunks too small for NSS to use. The symptoms will include "Cache Memory Allocator Out of Available Memory (SERVER-5.70.0)" error messages on the console, and disruption to user access to the mounted filesystems.

The TID describes the creation of C:\NWSERVER\NSSSTART.NCF and what parameters you should place in it. This will cause NSS to initialize, before it ever even thinks about mounting a Volume, with the parameters from that file. It will take a server reboot to make the changes effective (technically, you could shut down every NLM that needed filesystem access, dismount all the filesystems, and then unload and reload NSS, but by the time you did all that and get everyting running again, you might as well reboot).

Note that you CANNOT comment that file. The only thing you can put in there is valid NSS command-line switches, one per line. Check your typography carefully, as any fat-fingering will cause NSS to abort - NOTHING NSS will get mounted until you go fix the file (won't harm anything, but its annoying).
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 34

Expert Comment

by:PsiCop
ID: 13433534
Whoops. That's C:\NWSERVER\NSSSTART.CFG  .... the name IS important!
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 13433582
djhath,

Are you looking for performance tweaks or security tweaks?
0
 
LVL 3

Author Comment

by:djhath
ID: 13433918
Either/or..  Primarily performance tweaks.  I'll take any good help that you guys give.
0
 
LVL 34

Assisted Solution

by:PsiCop
PsiCop earned 800 total points
ID: 13434175
From the Security Tweaks Dept.:

1) Use OpenSSH for Remote Console instead of RCONAG6.NLM
2) Disable support for SSH v1 protocol in SYS:ETC\SSH\SSHD_CONFIG
3) Disable community read/write via SNMP (go into INETCFG and find the SNMP screens - don't have it handy right this second)
4) Support only Secure FTP (edit SYS:ETC\FTPSERV.CFG to permit only secure logins)
5) Don't put user account objects in the same OU as server objects
6) Create a separate account with Supervisor rights to the root of the eDirectory tree - do NOT make it equivalent to Admin, but make it an account with its own rights; delete the Admin account once you have tested the new one
7) Put the SYS: Volume in its own NSS Pool (ShineOn touched on this briefly above) and don't let any other Volumes into that Pool

And I'm working on some more. I'm writing a NetWare Security "How-To" and I'll make a post on EE about it.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 13434295
6a)  Create a second admin-powered account with an unguessable name and a complex password and put the password in a safe or something, JUST IN CASE your other admin-powered account gets deleted or is otherwise made unusable.  Saves a service call to Novell support...
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 13434313
Doesn't SSH automatically give you SFTP?
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 13435513
I'm not 100% clear on that. The Subsystem configuration option is not present on Novell's list of supported configuration file options (http://www.novell.com/documentation/nw65/index.html?page=/documentation/nw65/openssh/data/ajpc1oy.html). Nor is there an "sftp-server" executable, such as is found in the libexec subdirectory of a typical OpenSSH installation.

Without that subsystem support, the OpenSSH daemon can't do SFTP. From what I can tell, the NetWare version doesn't have it. If I'm wrong, someone please tell me. Its one of my questions for the "Mett the Experts" session at BrainShare.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 13435551
Of course, this page (http://www.novell.com/documentation/nw65/index.html?page=/documentation/nw65/openssh/data/ajpce0l.html) seems to say that it DOES support SFTP. Like I said, its not very clear. From my *NIX experience with OpenSSH, it doesn't seem to, but then sftp-server might be compiled into the sshd.nlm.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question