Recommended memory settings for the security server and how to change them

This article describes the recommended memory settings of the Suomi.fi Data Exchange Layer security server software, depending on the amount of central memory of the security server host. This article also describes how to change the memory settings.

Memory settings for the security server Proxy and Signer processes, depending on the amount of central memory

The default Proxy memory setting is too low unless you have a minimal host configuration. If the memory setting is too low, the security server will not perform optimally. It is recommenced to increase the Proxy memory setting based on the central memory available on the machine. It is also a good idea to increase the Signer memory, but it is not as important.

Table 1 shows the recommended memory settings for the Proxy and Signer processes in relation to the amount of memory available on the host. Recommendations have been in a conservative manner. A suitable recommendation cannot be given for each situation because the optimal amount of memory depends on the security server and its use cases.

Table 1. Recommended memory settings for the Proxy and Signer processes, depending on the amount of central memory

*) The general instance types of machines used in the AWS environment are used as an example. The instance types may vary depending on the operating environment.

Changing the memory settings for the security server Proxy and Signer processes

The security server memory settings (both Proxy and Signer processes) are changed in /etc/xroad/services/local.conf if needed. Below are instructions for changing the memory settings of the Proxy and Signer processee according to the X-Road version.

The Proxy and Signer processes read configuration files that are located on the security server in paths /etc/xroad/services/proxy.conf and /etc/xroad/services/signer.conf. Both processes also read the local.conf file when you start the security server software, so you can make local changes to the file, different from the default settings. For changes to memory settings to take effect, they should be made in the local.conf file (proxy.conf and signer.conf files are overwritten during installation).

Recommended memory settings for the Proxy process

Proxy (X-Road 7):

1. Change the parameter below to give the Proxy process a 200-2000 MB dynamic memory area (heap, max 2000, min 200):

XROAD_PROXY_PARAMS=-Xms200m -Xmx2000m

2. Save the file after changes

3. Restart the Proxy process by entering the following command:

systemctl restart xroad-proxy

Proxy (X-Road 6):

1. Change the parameter below to give the Proxy process a 200-2000 MB dynamic memory area (heap, max 2000, min 200):

PROXY_PARAMS="$PROXY_PARAMS -Xms200m -Xmx2000m "

2. Save the file after changes

3. Restart the Proxy process by entering the following command:

# Ubuntu
service xroad-proxy restart 

# RHEL
systemctl restart xroad-proxy

Read more about changing the memory settings of the Proxy process in the NIIS documentationOpens in a new window..

Recommended memory settings for the Signer process

Signer (X-Road 7):

1. Change the parameter below to give the Signer process a 50-200 MB dynamic memory area (heap, max 200, min 50):

XROAD_SIGNER_PARAMS=-Xms50m -Xmx200m

2. Save the file after changes

3. Restart the Signer process by entering the following command:

systemctl restart xroad-signer

Signer (X-Road 6):

1. Change the parameter below to give the Signer process a 50-200 MB dynamic memory area (heap, max 200, min 50):

SIGNER_PARAMS="$SIGNER_PARAMS -Xms50m -Xmx200m "

2. Save the file after changes

3. Restart the Signer process by entering the following command:

# Ubuntu
service xroad-signer restart 

# RHEL
systemctl restart xroad-signer

Read more about changing the memory settings of the Proxy process in the NIIS documentationOpens in a new window..