How many connections do I need from the WebGate to the OAM Server?

Introduction

Someone just asked the question:

My question is that, if we have 2 oam servers and assign 1 as Max Number of Connections for each server, does this mean that the webgate can handle only 2 connections at a time? Do we need to increase this value to enable the webgate to serve more parallel requests?

Main Article

There is a relationship between the WebGate to OAM Server connections and the user to web server connections but it’s not 1-to-1.

When a request comes into the web server the WebGate needs to figure out a few things:

  • is the resource is protected by OAM?
  • has the user already authenticated?
  • if yes to both should the user be allowed to see the resource?

Generally speaking the WebGate needs to send each question to the OAM Server and wait for an answer. That answer comes back from the OAM Server in milliseconds – the vast majority of which is actually the round trip time through the network to the OAM Server… there’s nothing we can do about that pesky speed of light (damn you Einstein!).

Incidentally the connections the WebGate uses are opened when the WebGate gets started and are managed as a pool – when there are spares that haven’t been used for a while they get shut down. When more are needed they get opened. The docs talk about how all of this works in pretty good details.

Many people start out thinking “if I want to support 100 concurrent users I’m gonna to need at least 100 connections from the WebGate to the OAM server.”
Those people are wrong.
Plus they really shouldn’t say “gonna” as it’s not an actual word.

Consider these use cases

  • a web server where you have hundreds of unprotected resources. In that case the first time someone requests the resource the WebGate will discover that it’s unprotected. After that the WebGate knows the answer to question 1 and it doesn’t need to talk to the OAM server for that resource again.
  • a web server on which users keep reloading the same resource over and over during a session, for example if they’re making mostly JSON or REST calls via JavaScript in an AJAX app. In that case after the first request by that user the subsequent requests will come out of the WebGate’s cache.
  • a web server mostly serving up very large files for download. In that case the answer from the OAM Server comes back in milliseconds but the download takes 20 minutes.
  • or even 99% of the web servers out there on the internet where the user loads a page and then reads through the content for a few minutes before clicking again to read the next page or story.

In short: there’s no good hard and fast rule about the number of connections you need from the WebGate to the OAM Server. Only testing your web site under representative load will help you figure out what the right numbers are.

And in that way the WebGate to OAM connection pool is a whole lot like connection pools from the Web Server to the App Server or from the App Server to the Database. And by a “whole lot like” I mean exactly the same.

Add Your Comment