The number of PVU entitlements required is based on the processor technology defined within the PVU table by processor value, brand, type, and model number at the website below and the number of processors made available to the program. IBM continues to define a processor, for the purpose of PVU-based licensing, to be each processor core on a chip. A dual-core processor chip, for example, has two processor cores. If using Full Capacity licensing, Licensee must obtain PVU entitlements sufficient to cover all activated processor cores1 in the physical hardware environment made available to or managed by the Program, except for those servers from which the Program has been permanently removed.
|Published (Last):||10 August 2019|
|PDF File Size:||6.88 Mb|
|ePub File Size:||15.38 Mb|
|Price:||Free* [*Free Regsitration Required]|
The amount of installed memory minus the amount of total memory. Installed memory The amount of physical memory in the appliance. The System Usage shows data for several tasks running on the appliance, not just the main DataPower task. The values are displayed as percentages over an "interval", which may be modified through the "load-interval" command. Figure 2. System usage status View image at full size The system usage takes into account all the resources that have been allocated, regardless of whether it is being actively used or simply held in reserve.
These values are sometimes useful when working with DataPower support on resource issues. However, the memory usage from the show memory status provider is a more accurate measure to use for capacity planning because the hold memory is available to DataPower for re-use. Services are typically configured within domains for ease of life cycle management and other administrative benefits. Processing policies are containers that implement rules and the rules contain actions.
Actions implement higher level functions, such as digital signatures, encryption, and authentication, or custom processing, through the execution of the Extensible Stylesheet Language XSL transformations. Domain memory usage The memory information has been enhanced over recent releases to show incremental utilization by domain and service and includes XSL and XML document caches. Refer to the Information Center for complete memory status information for your particular firmware release.
Figure 3 shows an example of domain memory utilization. Notice that the display includes values for time increments, the service lifetime since the last restart , and the document and stylesheet caches.
If you are interested in determining areas of your configuration that may be accountable for excessive memory usage, then a good place to start is to look at the domain memory statistics. Figure 3. Domain memory utilization View image at full size Service memory usage Having identified a domain of interest, you will then want to understand the services within the domain and how they are utilizing memory.
From either the default domain or from within an application domain, you can show the specific services and their memory usage.
Figure 4 shows an example of the service status information. Figure 4. Service memory usage View image at full size Since the publication of the previously mentioned developersWorks article DataPower release 3. For example as shown in Figure 5 , a sample rule execution demonstrates the ability to determine the memory used by sign, verify, and transform actions and the transaction in total.
This is particularly valuable in custom XSLT actions. The report shows memory information for the initial parsing and associated schema validation of incoming messages and each action with the rule. The sign action in this particular transaction is using more memory resources than the simple identity transformations that precede it, as you would expect given its complexity.
Figure 5. Memory report status information log View image at full size Service implications on memory There are multiple factors that affect memory utilization. Message sizes and concurrency are obvious factors. As transactions are processed, DataPower flow rates are affected not just by the "work" that DataPower applies, but also by the interactions with "off box" resources.
Logging steps, for example, may be dependent on the success or failure of the logging resource. Application resources may ultimately have to process the transaction and the response from that application may need to be further processed.
Size of input messages With the use of firmware version 5. While every environment has uniqueness and every message varies in complexity and structure, processing messages of many gigabits is possible, including complex operations such as digital signature and encryption processing. One factor to consider when processing XML or SOAP messages and when using actions within a policy that processes those documents is the required "parsing".
Parsing, or the processing of an input byte stream into a dynamically accessible object structure, requires memory that is significantly greater than the input stream itself. This resource requirement is multiplied in cases of concurrency. Asynchronous and synchronous actions DataPower actions may be executed as "synchronous" in which subsequent actions wait for completion, or "asynchronous" in which actions run in parallel.
By default, actions are synchronous, each waiting for its preceding sibling to complete. Normally, this is the desired behavior. Certain actions, such as authentication and authorization AAA or service level monitoring SLM should only be run synchronously as subsequent actions are executed based on their successful execution. However, for some policy rules, it is possible to run actions in parallel. An example is posting log data to an external service.
However, asynchronous actions are not cost-free. DataPower is primarily optimized for minimizing delay. As a transaction executes each action in a rule, it does not free the memory used until after the transaction completes.
Rather, it puts that memory in a "transactional or hold" cache for use by subsequent actions. The memory will only be free after the entire transaction has completed. It is not available for use by another transaction until such time. Asynchronous actions can overuse resources in conditions where integrated services are slow to respond. Consider an action that sends a SOAP message to an external server.
The result of this action is not part of transaction flow and you do not want to delay the response to the client waiting for confirmation from the server. The action can be marked asynchronous. Assume that normally the external server responds with a HTTP response after just 10 milliseconds ms.
Now assume that you have a modest transaction per second TPS flow to the device and that the external log server has a slowdown and does not respond for 10 seconds to each SOAP message. Assume each transaction uses 1MB of memory, parsing and processing the request transaction. This can quickly cause the device to start delaying valuable traffic to prevent over use of resources. If this logging is not business critical, you might want the logging actions to abort before the main data traffic is affected.
Streaming An alternative to document parsing is the "streaming" of documents through a service policy. In this scenario, the document passes through a policy rule, section by section, and while the entire document is not accessible, this is often all that is required. In streaming mode, memory requirements are greatly reduced. Streaming requires strict adherence to processing limitations, including XSLT instructions that may be invoked.
For example, an XSLT XPath instruction cannot address a section of the document outside of the current "node" of the document as it will not be available. While streaming processes extremely large documents, you must follow the requirements. For more information about streaming, see the Optimizing through streaming topic in the DataPower Information Center.
Multistep issues and unnecessary context Care must be taken when defining processing policy rules to avoid unnecessary memory usage. Most actions create output "context" and it is important to realize that each new context represents an additional allocation in memory.
Figure 6 shows an example of two transform actions that create context ContextA, ContextB , which is then sent to the output stream through a results action. Figure 6. Processing actions that create new context View image at full size In many occasions, you can use the special "PIPE" context to avoid this intermediate context creation.
The PIPE context does not require separate memory for each processing step and has other performance advantages as well. Figure 7. This "bit bucket" is useful when an action does not produce meaningful output. Perhaps all you need to do is log some data, or set a dynamic route.
If you are not modifying the message, subsequent actions can access the original input data and you do not need to pass it along with XSLT "Copy" statements and the unnecessary production of context. Latency and timeouts Latency and timeouts are important factors in memory consumption.
Consider a typical scenario in which requests are being processed through DataPower and onto a backend service. Transaction rates are high, throughput is as expected. Now consider that the backend service becomes slower to respond, but it is responding and not timing out. Requests come into DataPower at the previous rates, unaware of the slowdown occurring on downstream services. But, the transactions are not completing until the response is received from the backend and potentially processed within a response rule.
DataPower must maintain the request data and variables produced during response rule processing. There are a variety of interactions that may take place. Logging, authentication, orchestrations, or other integration services may be called.
If they are slow to respond, the transactions are slow to complete. If transactions are accepted at a continuous rate, they begin to queue up in an active and incomplete status. These transactions hold onto resources until they complete.
Backend timeout values are set at the service. The default values are typically seconds and controls initial connections and the maintenance of connections between transactions. The default value is seconds. This is probably too much and more restrictive values should be used, allowing connections to fail when connections cannot be made in a realistic time.
Consult the product documentation for your specific service configuration. Timeouts may be identified by log messages and analyzed through the use of log targets, which consume these events. Latencies are potentially more insidious. You may not be aware of increases in latencies unless you are monitoring these values. However, you may use monitoring techniques, such as SNMP monitors to query service rates and duration monitors.
Some customers will utilize latency calculators through XSLT and potentially create log message, which again can be consumed by log targets for dynamic configuration or analysis. To avoid an excessive use of resources, throttle settings allow for a temporary hold on incoming transactions until the constraint is relieved.
Using these throttle settings allow for inflight transaction to complete before additional transactions are accepted.
Resource management and analysis best practices for WebSphere DataPower
The article includes example configurations, migration methodologies, and automated promotion techniques. For further information on DataPower and the concepts described in this article, see the Resources section at the bottom of the article. DataPower devices are used for the implementation of advanced security, mediation, and integration patterns. Changes to these configurations must be done in a controlled manner to ensure quality of service in the production environment. The migration of these changes from early development through testing and eventually to production is known as the Software Development Life Cycle SDLC.
IBM WebSphere DataPower SOA Appliances
Part 2 explains how to extend these capabilities even further by enabling the use of custom policy vocabularies to deploy specific proxy processing patterns not covered by the built-in policy domains. Using the two products together, the IT organization can offer and enforce different SLA and QoS behaviors for different consumers of the same service, add new behaviors to existing services, or change the parameters of existing SLAs. Therefore, the enterprise can gain business value by increasing business agility and saving money on the IT infrastructure. Consumer to provider SLAs Many sophisticated IT organizations today cannot proactively protect, control, and monitor their services using SLAs because they still lack the capability to model, enforce, and report on quantified SLA parameters. This adversely affects the availability of business services.
WS-Policy security integration between DataPower and WebSphere Application Server
The amount of installed memory minus the amount of total memory. Installed memory The amount of physical memory in the appliance. The System Usage shows data for several tasks running on the appliance, not just the main DataPower task. The values are displayed as percentages over an "interval", which may be modified through the "load-interval" command. Figure 2. System usage status View image at full size The system usage takes into account all the resources that have been allocated, regardless of whether it is being actively used or simply held in reserve. These values are sometimes useful when working with DataPower support on resource issues.