Howto change the cache size for the NetIQ 3.2 Access Gateway Appliance after it has been installed

  • 7011374
  • 15-Nov-2012
  • 15-Nov-2012

Environment

NetIQ Access Manager 3.2
NetIQ Access Manager Gateway Appliance 3.2

Situation

  • The Access Manager Admin Console does not offer a configuration option in order to change cache size reserve for the Access Gateway Appliance (AGA)

Resolution

In the past with NAM 3.1 the Linux Access Gateway used a special file system called Cache Object Store (COS) designed to provide fast access for reading and writing web objects. The NetIQ 3.2 Access Gateway Service installed on Linux and the Access Gateway Appliance are Apache based  and make use of the Apache cache file system provided by the Apache "mod_cache" module. The cache files system will be generated in "/var/cache/novell-apache2". Note: With the Access Gateway Appliance the installation process will create a "/var" partition. The size which should be used for caching will be requested as part of the installation process

A background monitor process will make sure that the defined size will be used in order to clean up.
For the Access Gateway Appliance there is a configuration file called "/etc/opt/novell/ag/mod_disk_cache_monitor.conf" The directive "DiskCacheMonitorCacheStoreSize" which defines the limit in MB (e.G 1024 = 1GB). Changing this value requires to restart the proxy "/etc/init.d/novell-apache2 restart"

Caching is enabled per default and the proxy will use the HTTP cache control headers provided be the web server There are a few things which might impact caching.
  • There is a global "cache options" configuration menu which allows you  to "Disable Caching"
  • As soon as you enable SSL between for a reverse proxy between the browser and the Access Gateway. The proxy will add the "no-store, no-cache" HTTP cache control headers. The reason behind this is to increase security making sure that data which is SSL protected will not be cached.  As soon as you configure HTTP option "Allow Pages to Be Cached by the Browser" This will make sure the proxy will not add the "no-store, no-cache" headers just using the HTTP cache control headers send by the origin web server
  • Adding a URLs to a PIN list will disable caching.