WebSphere Tuning Approach
Security Configuration – WebSphere Tuning
Security configuration could be tuned to balance the performance with functionality.
You can achieve this balance by considering the following:
- Consider what sort of security is required and the things to be disabled in your environment. For instance, if your servers are running in a Virtual Private Network (VPN), you may consider disabling Secure Sockets Layer (SSL).
- You may consider disabling Java 2 security manager if you know exactly what code is put onto your server and you need not protect process resources.
- While changing the new security policy, you can consider propagating new security settings to all nodes before restarting the deployment manager and node agents.
- You normally get access denied errors if your security configurations are not consistent across all servers. So you should propagate new security settings when enabling or disabling administrative security.
- If you feel your environment is secure enough, you can increase the cache and token timeout. By increasing the values, you need not re-authenticate frequently. This can help all other requests to reuse the credentials. To choose the initial size of the hash-table caches, you can use security cache properties. This affects the frequency of rehashing and the distribution of the hash algorithms.
- As RMI (Remote Method Invocation) uses stateful connections and SOAP (Simple Object Access Protocol) is absolutely stateless, it is normally recommended to change your administrative connector from SOAP to RMI.
- By distributing the workload to many JVMs (Java virtual machines) instead of a single JVM, you can increase the security performance as there is less contention for certain authorization decisions.