Reflection for the Web 2011 (All Editions except Standard)
Reflection for the Web 2008 (All Editions except Standard)
Reflection Security Gateway 2014 (except Limited Edition)
Reflection Administrator 2011
Reflection Administrator 2008
When running a large number of concurrent connections to the security proxy server on a Sun Solaris system, additional new connections may fail.
In the security proxy server log, you may see the following error:
Connection Error: Too many open files
If the security proxy server was started manually as an application from a shell prompt, you may also see the following Java exception:
java.net.SocketException: Too many open files
This technical note describes how to increase the number of concurrent connections to the Reflection security proxy server by increasing number of file descriptors and setting the proxy server to allow unlimited connections.
Determining the Number of Descriptors Needed
Each security proxy server connection uses two file descriptors. In addition, a baseline of approximately 20 file descriptors is needed to run the security proxy server. To determine the number of file descriptors required, refer to the following formula:
<descriptors> = (<connections> * 2) + 20
where <connections> represents the maximum number of concurrent connections you predict the security proxy server may receive.
(22 connections * 2) + 20 = 64 descriptors
(502 connections * 2) + 20 = 1024 descriptors
Note: The number of permitted concurrent sessions is governed by your Reflection product licensing.
Increasing the File Descriptors
To increase the file descriptors, follow these steps:
- As a user with root privileges, open the command shell that launches the Reflection security proxy server. This should be the same shell used to configure the security proxy server.
- At the command line, enter the following command:
ulimit ân <descriptors>
where <descriptors> represents the integer number of descriptors needed to support the security proxy connections.
Note the following:
- The ulimit command syntax may vary depending on your shell. For more information about using the command, refer to your Solaris documentation or man pages.
- The shell inherits the default limit from the kernel variable rlim_fd_cur value set in the /etc/system file. The maximum number of descriptors that can be set (âhard limitâ) is governed by the kernel variable rlim_fd_max.
Configuring the Security Proxy Server for Maximum Connections
In addition to increasing the file descriptors, it may be helpful to set the MaxConnections value in your Server.Properties file. To verify the MaxConnections value and change it if necessary, follow the steps below.
- Run the Security Proxy Wizard.
- Click the Advanced Settings tab.
- In the Other Settings group box, clear the Limit maximum connections check box if it is selected. Note: Your concurrent session limit is governed by your product licensing. Do not configure more concurrent sessions than authorized by your license.
- Click Save.
- Export the settings to the management server if prompted to do so.
If you made changes, stop and restart the security proxy server for the changes to take effect.
This problem occurs when exceeding the maximum number of file descriptors allocated to the Java Virtual Machine that is running the security proxy server. The default number of file descriptors allocated to a given process depends on the Solaris version and kernel configuration.
||Default Hard Limit