SecureLogin client queries the directory every 5 minutes

  • 7010854
  • 01-Oct-2012
  • 05-Oct-2012

Environment

NetIQ SecureLogin
NSL7.x

Situation

By default the SecureLogin client on the workstation communicates with the directory every five minutes.  Why?
Questions and answers about the SecureLogin cache refresh.

Resolution

1. The SecureLogin client does a check against the directory every 5 min; why?
Five minutes is the default setting for the cache refresh interval.  In addition to storing SecureLogin data in the directory, by default SecureLogin also stores a copy on the workstation in the “local cache.”  The SecureLogin client checks for updates and synchronizes between the directory and the local cache at the cache refresh interval.

2. What is it checking (password verification or new scripts)?
It is checking for updates to application definitions (scripts) and for changes to settings.  (Password changes made from the workstation for SecureLogin-enabled applications get synchronized to the directory immediately.)
 
3. Is there any issue with changing the time that SecureLogin checks with the directory?
Not in a static SecureLogin environment.  If there are no changes or only minor changes being made, it probably won't matter whether users receive changes within 5 minutes or not.
 
4. What is the downside if we did that?
Users wouldn't get changes made at a directory level until the next cache refresh rolls around.  If you are making a lot of important changes this could be a problem.  If few or only minor changes are being made, then it shouldn't matter.
 
5. If we can change the time, what would be a recommended time (min-max)?
The recommended cache refresh interval really depends on how frequently scripts or settings are being changed in the directory, and how soon you want your users to get those changes.  If you are making a lot of important changes that you want users to get right away, then leave the cache refresh interval at the default value of 5 minutes.  If you are making few changes or don't mind if the users don't receive those changes for a while, then set the cache refresh interval to 4 - 8 hours (240 - 480 minutes; the cache refresh interval is set in minutes).  Many consider it a "best practice" to leave the cache refresh at 5 minutes while you are configuring SecureLogin and adding applications, and then set it to 480 minutes after everything is configured.
 
Keep in mind that the SecureLogin client also synchronizes the local cache with the directory every time SecureLogin loads or unloads.