Connection Configuration Parameters
Parameter | Default | Description |
---|---|---|
Use_Persistent_Connections | yes | Enables the persistent connections functionality.If enabled, the client will use a pool of persistent connections to the NAE server.If disabled, a new connection will be created and then closed for each request. Valid values are: •yes •no |
Size_of_Connection_Pool | 300 | Specifies the total number of client-server connections that your configuration could possibly allow. (Not what actually exists at a given moment.) Connections in the pool can be active or waiting, TCP or SSL. A connection is created as needed, and the pool scales as needed. The pool starts at size 0, and can grow to the value set here. Once the pool is full, new connection requests must wait for an existing connection to close. Connection pooling is configured on a per-client basis. The size of the pool applies to each client; it is not a total value for a SafeNet KeySecure or for a load balancing group. If there are multiple clients running on the same machine, separate connection pools are maintained for each client. |
Connection_Timeout | 60000ms | Specifies how long the client waits for the TCP connect function before timing out. Setting this parameter a few hundred ms less than the operating system’s connection timeout makes connection attempts to a downed server fail faster, and failover happens sooner. If a connection cannot be made before the timeout expires, the server is marked as down and taken out of the rotation. Possible values: •0 -Disables this setting. The client uses the operating system’s connect timeout. •Any positive integer |
Connection_Idle_Timeout | 600000ms (10 min) | Specifies the amount of time connections in the connection pool can remain idle before the client closes them. Note: There are two different connection timeout values: one on the CipherTrust Manager, and one in the properties file. The value of the timeout in the properties file must be less than what is set on the server. This lets the client control when idle connections are closed. Otherwise, the client can maintain a connection that is closed on the server side, which can lead to error. |
Connection_Retry_Interval | 600000ms (10 minutes) | Determines how long the client waits before trying to reconnect to a disabled server. If one of the Cipher Trust servers in a load balanced configuration is not reachable, the client assumes that the server is down, and then waits for the specified time period before trying to connect to it again. Valid values: •0 – This is the infinite retry interval. The disabled server will never be brought back into use. •Any positive integer |
Cluster_Synchronization_Delay | 100s | Specifies how long the client will wait before assuming that key changes have been synchronized throughout a cluster. After creating, cloning, importing, or modifying a key, the client will continue to use the same CipherTrust Manager appliance until the end of this delay period. Valid values: •0 – Disables the function •Any positive integer For example, the client sets Cluster_Synchronization_Delay to 100s and sends a key creation request to appliance A, which is part of a cluster. Appliance A creates the key and automatically synchronizes with rest of the cluster. The client will use only appliance A for 100 seconds - enough time for the cluster synchronization to complete. After this time period, the client will use other cluster members as before. |