...
- Run SERVER as a process pair (use the --backupcpu option).
- Run at least one SWORKER process.
- Start as many SWORKERs as needed according to anticipated load, each in different processors.
- The SERVER process distributes load across available SWORKERs to the SWORKER with the least number of connections
- Consider setting --http-keepalive-timeout (default 30s) to limit connection time length.
- Consider settting --http-keepalive-max (default 100) to close connections after this number of requests.
- If large numbers of TCP/IP connections are anticipated, configure multiple --service-ports using separate TCP/IP processes.
- If TMF transactions are being used (by client applications or in API definitions).
- Consider setting --max-tx-timeout to set an absolute limit on TMF transaction timeouts.
- Consider setting --default tx-timeout to set the default TMF transaction timeout if not specified by client or API.
- Leave HTTP logging disabled (installation default).
- Use the monitor option where appropriate, to monitor changes to configuration files. See monitor.
- Do not use diagnostic logging in performance sensitive environments unless absolutely necessary.
Security
- Change the default administrator password!
- Use Server Certificates and configure only https service portsHTTPS console and service ports.
- Disable TLS v1.0 and v1.1 if possible. See --tls-protocols.
- Use restrictive Access Control policiesPolicies.
- Consider an external security appliance or reverse proxy if connected to untrusted networks.
- Maintain separate development and production LightWave Server instances.
- Use the sensitive schema property to avoid disclosing sensitive data in logs. See Sensitive Data Masking.
- Leave the 'lightwave-api-testing-service' disabled (installation default) in production instances.
