WebSphere eXtreme Scale Administration Guide > Plan application deployment
eXtreme Scale Operational checklist
- TCP_KEEPINTVL
Part of a socket keep-alive protocol that enables detection of network outage. The property specifies the interval between packets that are sent to validate the connection.
When you are using WebSphere eXtreme Scale, set the value to 10.
To check the current setting...
# no -o tcp_keepintvlTo change the current setting...
# no -o tcp_keepintvl=10
The TCP_KEEPINTVL setting is in half seconds.
- TCP_KEEPINIT
Part of a socket keep-alive protocol that enables detection of network outage. The property specifies the initial timeout value for TCP connection. When you are using WebSphere eXtreme Scale, set the value to 40.
To check the current setting...
# no -o tcp_keepinitTo change the current setting
# no -o tcp_keepinit=40The TCP_KEEPINIT setting is in half seconds.
- To modify the transport behavior of the grid, update...
java/jre/lib/orb.properties- Use parameters in the startOgServer script.
In particular, use the following parameters:
- Set heap settings with the -jvmArgs parameter.
- Set application class path and properties with the -jvmArgs parameter.
- Set -jvmArgs parameters for configuring agent monitoring.
- Port settings
WebSphere eXtreme Scale has to open ports for communications for some transports. These ports are all dynamically defined. However, if a firewall is in use between containers then specify the ports. Use the following information about the ports:
- Listener port
- You can use the -listenerPort argument to specify the port that is used for communication between processes.
- Core group port
You can use the -haManagerPort argument to specify the port that is used for failure detection. This argument is the same as peerPort. Note that core groups do not need to communicate across zones, so you might not need to set this port if the firewall is open to all the members of a single zone.
- JMX service port
- You can use the -JMXServicePort argument to specify the port that the JMX service should use.
- SSL port
- Pass...
-Dcom.ibm.CSI.SSLPort=1234...as a -jvmArgs argument sets the SSL port to 1234. The SSL port is the secure port peer to the listener port.
- Client port
Used in the catalog service only. You can specify this value with the -catalogServiceEndPoints argument. The format of the value of this parameter is in the format:
serverName:hostName:clientPort:peerPort- Verify that security settings are configured correctly
- Transport (SSL)
- Application (Authentication and Authorization)
To verify the security settings, you can try to use a malicious client to connect to the configuration. For example, when the SSL-Required setting is configured, a client that has a TCP_IP setting with or a client with the wrong trust store should not be able to connect to the server. When authentication is required, a client with no credential, such as a user ID and password, should not be able to connect to the sever. When authorization is enforced, a client with no access authorization should not be granted the access to the server resources.
- Choose how you are going to monitor the environment.
The JMX ports of the catalog servers need to be visible to the XSAdmin tool. The container ports also need to be accessible for some commands that gather information from the containers.
- You can choose between the following vendor monitoring tools:
See also
Parent topic
Plan application deployment