Due to the tremendous variation in resource demands of customer applications and available system resources, we cannot provide specific configuration recommendations. However, below are some suggestions that you should consider when planning your configuration. You should test your application under simulated production conditions to validate your configurations prior to deployment.
Performance & Scalability
- Run SERVER as a process pair (use the --backupcpu option).
- Run at least one SWORKER process.
- Start as many SWORKERs as needed according to anticipated load, each in different processors.
- The SERVER process distributes load across available SWORKERs to the SWORKER with the least number of connections
- Consider setting --http-keepalive-timeout (default 30s) to limit connection time length.
- Consider settting --http-keepalive-max (default 100) to close connections after this number of requests.
- If large numbers of TCP/IP connections are anticipated, configure multiple --service-ports using separate TCP/IP processes.
- If TMF transactions are being used (by client applications or in API definitions).
- Consider setting --max-tx-timeout to set an absolute limit on TMF transaction timeouts.
- Consider setting --default tx-timeout to set the default TMF transaction timeout if not specified by client or API.
- Leave HTTP logging disabled (installation default).
- Use the monitor option where appropriate, to monitor changes to configuration files. See monitor.
- Do not use diagnostic logging in performance sensitive environments unless absolutely necessary.
- Change the default administrator password!
- Use Server Certificates and configure only HTTPS console and service ports.
- Disable TLS v1.0 and v1.1 if possible. See --tls-protocols.
- Use restrictive Access Control Policies.
- Consider an external security appliance or reverse proxy if connected to untrusted networks.
- Maintain separate development and production LightWave Server instances.
- Use the sensitive schema property to avoid disclosing sensitive data in logs. See Sensitive Data Masking.
- Leave the 'lightwave-api-testing-service' disabled (installation default) in production instances.