Accessibility

TechNote (Archived)

Unix platform-specific performance settings

Below are some general recommendations for tuning several common configurations. As these are general recommendations, it is preferable that you test and tune the settings below specifically for your application and environment. Consider these settings as a baseline starting point. Never apply new settings to a production environment before testing a staging version thoroughly with the new settings.

Solaris

General OS Settings

Disable any services not absolutely required for machine operation. In general, Unix machines employed as production servers should not run a GUI (such as CDE). Not counting services installed with Macromedia products, highly tuned and secure Solaris sites can usually get the number of required Solaris OS services down to less than 20.

For example, the Macromedia Enterprise Lab follows the following configuration for all Sun Solaris servers. Of course, individual server needs will vary (some services disabled here may be required, for example). Customer should always make changes to a test server and ensure that their applications run successfully before deploying to a production environment.

  1. In /etc/rc2.d rename (or use the "mv" command) the following service startup files from their capital "S" filenames to these small "s" file names:
    • s70uucp
    • s74xntpd
    • s80lp
    • s88utmpd
    • s73nfs.client
    • s75cron
    • s85power
    • s99audit
    • s74autofs
    • s76nscd
    • s88sendmail
    Running any GUI (CDE or OpenWindows) can negatively impact server performance and security. Only run a GUI on a production server only when absolutely required. Disable CDE by renaming the"S99dtlogin" startup script to "s99dtlogin" (replace the capital S with a small s, as before). Note that the "Core" Solaris installation does not install a GUI.
    • s99dtlogin
    When disabling CDE, you can normally disable the "S71rpc" service as well (needed by CDE). However, it is required with ColdFusion Enterprise and Advanced Security and must be enabled.
  2. In /etc/rc3.d, rename (or use the "mv" command) the following service startup files from their capital "S" filenames to these small "s" file names:
    • s15nfs.server
    • s76snmpdx
    • s77dmi
  3. In /etc/inetd.conf, comment all entries so that the following are the only lines that remain uncommented:
    • #ident "@(#)inetd.conf 1.33 98/06/02 SMI" /* SVr4.0 1.5 */
    • telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
    • fs stream tcp wait nobody /usr/openwin/lib/fs.auto fs
    • 100235/1 tli rpc/tcp wait root /usr/lib/fs/cachefs/cachefsd cachefsd
    Running the following command returns only the lines above:

    grep -v "^#" /etc/inetd.conf

    Again, individual server needs will vary (telnet services may not be desired or required, for example).
  4. Restart the server.
    1. Example Steps and Sample Script to Strip the Solaris OS
    2. Save the script below as "stripSolaris".
    3. Type the command:

      chmod 777 stripSolaris
    4. Execute the script as root:

      ./stripSolaris
    5. Make a backup copy of /inetd.conf:

      cp /etc/inetd.conf /etc/inetd.conf.bak
    6. Modify /etc/inetd.conf:

      vi /etc/inetd.conf

      To delete all lines in this file, use the vi "dd" command, then hold down the "." key to repeat. Paste the following (4) lines in and save the file.
      • #ident "@(#)inetd.conf 1.33 98/06/02 SMI" /* SVr4.0 1.5 */
      • telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
      • fs stream tcp wait nobody /usr/openwin/lib/fs.auto fs
      • 100235/1 tli rpc/tcp wait root /usr/lib/fs/cachefs/cachefsd cachefsd
    7. Reboot the machine with:

      reboot

    8. Script:

      #!/bin/sh
      #
      # stripSolaris - setup environment and run Cold Fusion servers
      #
      # This script should be run as root.
      mv /etc/rc2.d/S70uucp /etc/rc2.d/s70uucp
      mv /etc/rc2.d/S74xntpd /etc/rc2.d/s74xntpd
      mv /etc/rc2.d/S80lp /etc/rc2.d/s80lp
      mv /etc/rc2.d/S88utmpd /etc/rc2.d/s88utmpd
      mv /etc/rc2.d/S73nfs.client /etc/rc2.d/s73nfs.client
      mv /etc/rc2.d/S75cron /etc/rc2.d/s75cron
      mv /etc/rc2.d/S85power /etc/rc2.d/s85power
      mv /etc/rc2.d/S99audit /etc/rc2.d/s99audit
      mv /etc/rc2.d/S74autofs /etc/rc2.d/s74autofs
      mv /etc/rc2.d/S76nscd /etc/rc2.d/s76nscd
      mv /etc/rc2.d/S88sendmail /etc/rc2.d/s88sendmail
      mv /etc/rc2.d/S99dtlogin /etc/rc2.d/s99dtlogin
      mv /etc/rc3.d/S15nfs.server /etc/rc3.d/s15nfs.server
      mv /etc/rc3.d/S76snmpdx /etc/rc3.d/s76snmpdx
      mv /etc/rc3.d/S77dmi /etc/rc3.d/s77dmi
      #
      # Next, manually backup and then strip down the /etc/inetd.conf file.
      #
      # cp /etc/inetd.conf /etc/inetd.conf.bak
      # vi /etc/inetd.conf
      #
      # Finally, reboot the server using the "reboot" command.
      #

For Solaris 2.7+ customers:

When mounting shared file systems with the "mount_ufs" command, it is recommended that the "noatime" option (Solaris 7+ only) be used to reduce network overhead and reduce file system latency.

The "noatime" option causes the file system to ignore the common access time updates on files. See man mount_ufs for more information.

For Solaris 2.6 and 2.7 customers:

  1. Add the following commands to the/etc/rc2.d/S69inet file to have them take effect after a reboot:
    • ndd -set /dev/tcp tcp_slow_start_initial 2
    • ndd -set /dev/tcp tcp_xmit_hiwat 65536
    • ndd -set /dev/tcp tcp_recv_hiwat 65536
    • ndd -set /dev/tcp tcp_conn_req_max_q 1024
    • ndd -set /dev/tcp tcp_conn_req_max_q0 1024
    • ndd -set /dev/tcp tcp_time_wait_interval 60000
    • ndd -set /dev/tcp tcp_keepalive_interval 60000
    • ndd -set /dev/tcp tcp_ip_abort_interval 60000
    • ndd -set /dev/tcp tcp_rexmit_interval_max 10000
    • ndd -set /dev/tcp tcp_cwnd_max 65535
  2. Append the following to the /etc/system file:
    • set shmsys: shminfo_shmmax = 4294967295
    • set shmsys: shminfo_shmmin = 1
    • set shmsys: shminfo_shmmni = 100
    • set shmsys: shminfo_shmseg = 50
    • set semsys: seminfo_semmns = 1750
    • set semsys: seminfo_semmni = 70
    • set msgsys:msginfo_msgmax = 65535
    • set msgsys:msginfo_msgmnb = 65535
    • set msgsys:msginfo_msgseg = 8192
    • set msgsys:msginfo_msgssz = 16
    • set tcp:tcp_conn_hash_size=262144
    • set sq_max_size=1024
    • set rlim_fd_max=4096
    • set rlim_fd_cur=1024

For Solaris 2.51 customers:

The main difference between 2.51 and 2.6 in these two sets of settings is that with 2.51, tcp_conn_hash_size is not available, so you must limit tcp_close_wait_interval instead. This accomplishes nearly the same thing in 2.51: reducing the time required to locate a TCP data structure in the kernel under heavy load.

  1. Add the following commands to the/etc/rc2.d/S69inet file to have them take effect after a reboot:
    • ndd -set /dev/tcp tcp_slow_start_initial 2
      (see www.sun.com/sun-on-net/performance/tcp.slowstart.html)
    • ndd -set /dev/tcp tcp_conn_req_max 1024 (tunes the old-style listen queue - obsolete in 2.6)
    • ndd -set /dev/tcp tcp_xmit_hiwat 32768
    • ndd -set /dev/tcp tcp_recv_hiwat 32768
    • ndd -set /dev/tcp tcp_close_wait_interval 60000
  2. Also append the following to the /etc/system file:
    • set shmsys: shminfo_shmmax = 4294967295
    • set shmsys: shminfo_shmmin = 1
    • set shmsys: shminfo_shmmni = 100
    • set shmsys: shminfo_shmseg = 50
    • set semsys: seminfo_semmns = 1750
    • set semsys: seminfo_semmni = 70
    • set msgsys:msginfo_msgmax = 65535
    • set msgsys:msginfo_msgmnb = 65535
    • set msgsys:msginfo_msgset = 8192
    • set msgsys:msginfo_msgssz = 16
    • set tcp:tcp_conn_hash_size=262144
    • set sq_max_size=1024
    • set rlim_fd_max=4096
    • set rlim_fd_cur=1024
  3. We also recommend that users place their webserver root directory and all swap space on a separate physical disk from the core OS and other system files if at all possible. If not, place on separate partitions on the same disk. This will decrease system file-swapping problems on the main drive, helping performance and stability.

HP-UX 11

General OS Settings

Disable any services not absolutely required for machine operation. In general, UNIX machines employed as production servers should not run a GUI (such as CDE). Not counting services installed with Macromedia products, highly tuned and secure HP-UX sites can usually get the number of required HP-UX OS services down to less than 20. For example, the Macromedia Enterprise Lab follows the following configuration for all HP-UX servers. Of course, individual server needs will vary (some services disabled here may be required, for example). Customers should always make changes to a test server rather than directly in production.

  1. In /sbin/rc1.d rename (or use the 'mv" command) the following service startup files from their Capital "S" filenames to these small "s" file names:
    • S080crashconf
    • S400set_prvgrp
    • S420set_date
    • S440savecrash
    • S520syncer
    For instance, the command format would be:

    mv S080crashconf s080crashconf This will effectively remove this script from startup.
  2. In /sbin/rc1.d rename (or use the 'mv" command) the following service startup files from their Capital "K" filenames to these small "k" file names.
    • K220slsd
    • K230audio
    • K240auditing
    • K250envd
    • K270cron
    • K270vt
    • K278pd
    • K280lp
    • K290hparamgr
    • K290hparray
    • K300acct
    • K340xntpd
    • K380xfs
    • K400iforls
    • K410Rpcd
    • K430dce
    • K4350spfMib
    • K435SnmpHpunix
    • K435SnmpMib2
    • K435SnmpTrpDst
    • K440SnmpMaster
    • K450ddfa
    • K460sendmail
    • K470rwhod
    • K478ppp
    • K480rdpd
    • K490gated
    • K560comsec
    • K570nfs.client
    • K580nis.client
    • K590nis.server
    • K592nisplus.client
    • K594nisplus.server
    • K600nfs.core
    • K770ptydaemon
    • K780syslogd
    • K900swagentd
  3. Reboot server.

You should find that your system performance overall is much improved after this, as well as overall system response time.

RedHat Linux

General OS Settings

It is important to disable all unneeded services/daemons when running Redhat. If you have many services on a server, the associated daemons will always run. Inactive daemons are usually swapped out to disk, but they still use valuable resources, such as virtual memory and process table entries. This will cause performance degradation in almost all cases.

Note: All these instructions are based on a default "Server" installation of Redhat Linux 6.1, you may need to keep some of the services/daemons running, or there may be more for you to disable.

  1. Move the following files FROM /etc/rc.d/init.d to a subdirectory below init.d:
    • gpm
    • sendmail - This is a Linux mailserver, this should always be disabled unless you need it.
    • nfs
    • nfslock
    • xfs
    • lpd
    • linuxconf
    • postgresql
    • pulse
    • smb
    • ypbind
    • apmd
    • innd
    • snmpd
    Example Command: mv lpd ../daebckup
  2. Disable the all unneeded services located in/etc/inetd.conf - this file regulates network daemons and the ports that those daemons run on. Most of these should be disabled for security reasons. Please remember to backup your original file if you run into problems.

    In order to "remove" services from the inetd.conf file, you need to place a "#" sign at the beginning of the line of the service you wish to disable:

    For instance, if the entry is as follows:
    telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd

    Change it to the following:
    #telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd

    A fully blockaded/tuned inetd.conf file would have all lines banned unless necessary for server functionality.
  3. Once all changes have been made, we recommend you reboot your server. Although you can apply these changes without rebooting the system, this way you can be sure the changes have taken effect, and your system resources are freed. You may receive errors when shutting down as the shutdown process is trying to execute scripts you have moved, this is normal.

    A Sample tuning script for Linux:

    #
    #!/bin/sh
    # sample tuning script for linux
    #
    cd /etc/rc.d/
    mkdir dmbkup
    cd init.d
    mv gpm ../dmbkup/
    mv sendmail ../dmbkup/
    mv nfs ../dmbkup/
    mv nfslock ../dmbkup/
    mv xfs ../dmbkup/
    mv lpd ../dmbkup/
    mv linuxconf ../dmbkup/
    mv postgresql ../dmbkup/
    mv pulse ../dmbkup/
    mv smb ../dmbkup/
    mv ypbind ../dmbkup/
    mv apmd ../dmbkup/
    mv innd ../dmbkup/
    mv snmpd ../dmbkup/
    # end of file
  4. It is also recommend that users place their webserver root directory and all swap space on a separate physical disk from the core OS and other system files if at all possible. If not, place on separate partitions on the same disk. This will decrease system file-swapping problems on the main drive, helping performance and stability.

Additional Information

Related TechNotes:


AlertThis content requires Flash

To view this content, JavaScript must be enabled, and you need the latest version of the Adobe Flash Player.

Download the free Flash Player now!

Get Adobe Flash Player

Creative Commons License

Search Support


Document Details

ID:tn_18229
Browser:Chrome
Internet Explorer
Netscape
Opera
Safari
Firefox
Database:DB2
Informix
MySQL
Oracle
SQL Server
Sybase
MS Access

Products Affected: