Configuration of Kubernetes based Security Server 3.4.x and higher
Initial Note:
The "ks.fullName" determination is explain below in the Appendix section. It is required to create the custom Kubernetes configmap objects into targeted namespace prior to the deployment.
The "Values (MetaConfig)" settings are part of the helm deployment meta-configuration file (values.yaml) and processed at time of deployment.
| Name | Location | Description |
|---|---|---|
| General Database Configuration | Values (MetaConfig): "database" | Configurable Parameters (and default values): database: type: MYSQL name: ssms_db host: hostname port: 3306 driver: '' useJdbcUrl: false jdbcUrl: '' additionalUrlParameters: '' jpaHibernateProperties: '' mgtUser: name: admin password: password adminUser: name: admin password: password |
| Cluster Configuration | Values (MetaConfig) "cluster:" | Configurable Parameters (and default values): cluster: scalabilityFactor: 4 memoryPoolSize: 1024 managementNodes: replicas: 2 additionalSystemParameters: '' resources: limits: memory: '3Gi' cpu: '2' requests: memory: '1.5Gi' cpu: '1' servicesNodes: replicas: 2 additionalSystemParameters: '' resources: limits: memory: '4Gi' cpu: '2' requests: memory: '2Gi' cpu: '1' |
| Modules and SSMS Advanced Settings | Values (MetaConfig) "modules" | Configurable Parameters (and default values): modules: kernel: enabled: true settings: rowsPerPage: 50 restSessionDefaultTimeout: 900 usernameForRESTServices: ~ passwordForRESTServices: ~ urlsAddressBookServers: 'http://scp-addressbook/addressbook' addressBookCertificateIgnore: false traceExporter: 'Zipkin' traceSampler: 'Probabilistic' probability: '0.1' svm: enabled: true asm: enabled: true settings: loginMaximumRetries: 10 reportBufferSize: 100000 identityAccessManagementUrl: 'http://idp-keycloak:8080/auth/realms/${tenantId}/protocol/openid-connect/certs' anonymousUser: memberOfContactLists: ~ accessorOfContactLists: ~ |
| Gossip Router Configuration | Values: "gossipRouter" | Configurable Parameters (and default values): gossipRouter: replicas: 1 resources: requests: memory: '256Mi' cpu: 250m limits: memory: '512Mi' cpu: 500m |
| Shutdown Timeout | Values: "shutdownTimeout" | This timeout is awaited whenever an unhandled exception occurs in the Configuration Utility and allows administrators to retrieve container logs before they are overwritten by a restart. |
| Perform Update Flag | Values: "performUpdate" | Set to "true" by default. This flag controls whether or not the full configuration sequence (including database schema migrations) of the Configuration Utility is executed. It is not normally required to override this flag, since a "helm install" or "helm upgrade" warrants the full sequence under most circumstances. |
| Database Connection Pool for Management Nodes | Values (MetaConfig): "database.mgtConPoolConfig" | Configurable Parameters (and default values): database: mgtConPoolConfig: databasePoolCheckConnectionInterval: 2 acquireIncrement: 2 acquireRetryAttempts: 10 acquireRetryDelay: 1000 checkoutTimeout: 10000 databasePoolCheckConnectionInterval: 600 databasePoolMaximum: 20 databasePoolMinimum: 10 databasePoolTimeout: 21600 maxIdleTimeExcessConnections: 1200 maxStatements: 50 numHelperThreads: 5 |
| Database Connection Pool for Services Nodes | Values (MetaConfig): "database.svcConPoolConfig" | Configurable Parameters (and default values): database: svcConPoolConfig: acquireIncrement: 5 acquireRetryAttempts: 10 acquireRetryDelay: 1000 checkoutTimeout: 10000 databasePoolCheckConnectionInterval: 600 databasePoolMaximum: 200 databasePoolMinimum: 20 databasePoolTimeout: 21600 maxIdleTimeExcessConnections: 1200 maxStatements: 50 numHelperThreads: 50 |
| SSMS Truststore | Kubernetes (or OpenShift) ConfigMap "$ks.fullName-truststore" | The ConfigMap needs to provide truststore content encoded as base64 under the key "truststore", analogous to how the ConfigMap would be created by this command (note that the filename must be truststore, without an extension): kubectl create configmap $fullname-truststore -n $namespace --from-file truststore |
| JGroups Configuration | Kubernetes (or OpenShift) ConfigMap "$ks.fullName-communication-xml" | The ConfigMap needs to provide the communication.xml content under the key "communication.xml", analogous to how the ConfigMap would be created by this command (note that the filename must be communication.xml): kubectl create configmap $fullname-communication-xml -n $namespace --from-file communication.xml The default configuration is: <?xml version="1.0" encoding="UTF-8" standalone="no"?> <config xmlns="urn:org:jgroups" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:org:jgroups http://www.jgroups.org/schema/jgroups-3.6.xsd"> <UDP enable_diagnostics="true" ip_mcast="false" ip_ttl="${jgroups.udp.ip_ttl:8}" loopback="true" max_bundle_size="64K" max_bundle_timeout="30" mcast_recv_buf_size="124K" mcast_send_buf_size="124K" oob_thread_pool.enabled="true" oob_thread_pool.keep_alive_time="54000" oob_thread_pool.max_threads="100" oob_thread_pool.min_threads="25" oob_thread_pool.queue_enabled="true" oob_thread_pool.queue_max_size="10000" oob_thread_pool.rejection_policy="discard" port_range="10" singleton_name="SharedTransport_Main" thread_naming_pattern="cl" thread_pool.enabled="true" thread_pool.keep_alive_time="54000" thread_pool.max_threads="40" thread_pool.min_threads="10" thread_pool.queue_enabled="true" thread_pool.queue_max_size="10000" thread_pool.rejection_policy="discard" timer.keep_alive_time="3000" timer.max_threads="14" timer.min_threads="4" timer.queue_max_size="500" timer_type="new" tos="8" ucast_recv_buf_size="124K" ucast_send_buf_size="124K"/> <TCPGOSSIP reconnect_interval="60000" initial_hosts="{{ template "ks.fullname" $ }}-gossip-{{ $index }}[12001]"/> <MERGE2 max_interval="30000" min_interval="10000"/> <FD_SOCK port_range="10"/> <FD_ALL/> <VERIFY_SUSPECT timeout="1500"/> <BARRIER/> <pbcast.NAKACK2 discard_delivered_msgs="true" max_msg_batch_size="500" use_mcast_xmit="false" xmit_interval="1000" xmit_table_max_compaction_time="30000" xmit_table_msgs_per_row="2000" xmit_table_num_rows="100"/> <UNICAST conn_expiry_timeout="60000" max_msg_batch_size="500" xmit_interval="2000" xmit_table_max_compaction_time="60000" xmit_table_msgs_per_row="2000" xmit_table_num_rows="100"/> <pbcast.STABLE desired_avg_gossip="50000" max_bytes="4M" stability_delay="1000"/> <pbcast.GMS join_timeout="3000" print_local_addr="true" view_bundling="true"/> <UFC max_credits="2M" min_threshold="0.4"/> <MFC max_credits="2M" min_threshold="0.4"/> <FRAG2 frag_size="60K"/> <RSVP resend_interval="2000" timeout="10000"/> <pbcast.STATE_TRANSFER/> </config> |
| Tomcat Configuration Template for Management Nodes (server.xml.template) | Kubernetes (or OpenShift) ConfigMap "$ks.fullName-mgt-server-xml-template" | The ConfigMap needs to provide the server.xml.template content under the key "server.xml.template", analogous to how the ConfigMap would be created by this command (note that the filename must be server.xml.template): kubectl create configmap $fullname-mgt-server-xml-template -n $namespace --from-file server.xml.template The default configuration is: <?xml version="1.0" encoding="utf-8" standalone="no" ?> <Server port="-1"> <Listener className="org.apache.catalina.core.JasperListener" /> <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> <GlobalNamingResources> <Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase" /> </GlobalNamingResources> <Service name="SSMS"> ${connector.mgt.start} <Connector SSLEnabled="true" Server="SSMS" URIEncoding="${mgt.URIEncoding}" acceptCount="${mgt.acceptCount}" algorithm="SunX509" ciphers="${connector.ciphers}" clientAuth="want" compression="true" connectionTimeout="${mgt.connectionTimeout}" keyAlias="ssmskey" keystoreFile="${mgt.keystoreFile}" keystorePass="${mgt.keystorePass}" keystoreType="${mgt.keystoreType}" maxThreads="${mgt.maxThreads}" port="${mgt.port}" protocol="HTTP/1.1" scheme="HTTPS" secure="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" truststoreFile="${mgt.truststoreFile}" truststorePass="${mgt.truststorePass}" truststoreType="${mgt.truststoreType}" /> ${connector.mgt.end} ${connector.svc.start} <Connector SSLEnabled="true" Server="SSMS" URIEncoding="${svc.URIEncoding}" acceptCount="${svc.acceptCount}" algorithm="SunX509" ciphers="${connector.ciphers}" clientAuth="false" compression="true" connectionTimeout="${svc.connectionTimeout}" keyAlias="ssmskey" keystoreFile="${svc.keystoreFile}" keystorePass="${svc.keystorePass}" keystoreType="${svc.keystoreType}" maxThreads="${svc.maxThreads}" port="${svc.port}" protocol="HTTP/1.1" scheme="HTTPS" secure="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" /> ${connector.svc.end} ${connector.ext.start} <Connector Server="SSMS" URIEncoding="${ext.URIEncoding}" acceptCount="${ext.acceptCount}" connectionTimeout="${ext.connectionTimeout}" maxThreads="${ext.maxThreads}" port="${ext.port}" protocol="org.apache.coyote.http11.Http11NioProtocol" /> ${connector.ext.end} ${connector.extSecure.start} <Connector SSLEnabled="true" Server="SSMS" URIEncoding="${extSecure.URIEncoding}" acceptCount="${extSecure.acceptCount}" algorithm="SunX509" ciphers="${connector.ciphers}" clientAuth="false" compression="true" connectionTimeout="${extSecure.connectionTimeout}" keyAlias="ssmskey" keystoreFile="${extSecure.keystoreFile}" keystorePass="${extSecure.keystorePass}" keystoreType="${extSecure.keystoreType}" maxThreads="${extSecure.maxThreads}" port="${extSecure.port}" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="HTTPS" secure="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" /> ${connector.extSecure.end} ${connector.ajp.start} <Connector URIEncoding="${ajp.URIEncoding}" port="${ajp.port}" protocol="AJP/1.3" redirectPort="${ajp.redirectPort}" secretRequired="${ajp.secretRequired}" ${ajp.attributeSecret}${ajp.secret} /> ${connector.ajp.end} <Engine defaultHost="localhost" jvmRoute="${engine.jvmRoute}" name="Catalina"> <Host appBase="webapps" autoDeploy="false" name="localhost" unpackWARs="false"></Host> </Engine> </Service> </Server> |
| Tomcat Configuration Template for Services Nodes (server.xml.template) | Kubernetes (or OpenShift) ConfigMap "$ks.fullName-svc-server-xml-template" | The ConfigMap needs to provide the server.xml.template content under the key "server.xml.template", analogous to how the ConfigMap would be created by this command (note that the filename must be server.xml.template): kubectl create configmap $fullname-svc-server-xml-template -n $namespace --from-file server.xml.template (The same template as above can be used) |
| EHCache Configuration for Management Nodes | Kubernetes (or OpenShift) ConfigMap "$ks.fullName-mgt-ehcache-xml" | The ConfigMap needs to provide the ehcache-MGT.xml content under the key "ehcache-MGT.xml", analogous to how the ConfigMap would be created by this command (note that the filename must be ehcache-MGT.xml): kubectl create configmap $fullname-mgt-ehcache-xml -n $namespace --from-file ehcache-MGT.xml The default configuration is: <ehcache updateCheck="false" name="ssms_cache_mgt"> <diskStore path="java.io.tmp" /> <defaultCache maxElementsInMemory="100" eternal="false" timeToIdleSeconds="600" timeToLiveSeconds="600" overflowToDisk="false" /> <!-- <cache name="org.hibernate.cache.StandardQueryCache" maxElementsInMemory="50" eternal="false" timeToLiveSeconds="120" overflowToDisk="false" /> --> <cache name="com.kobil.ssms.asm.entity.AsmClientType" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- two hour --> <cache name="com.kobil.ssms.asm.entity.AsmDevice" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="1800" timeToIdleSeconds="300" overflowToDisk="false" /> <!-- half hour --> <cache name="com.kobil.ssms.asm.entity.AsmDeviceProperty" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="1800" timeToIdleSeconds="1800" overflowToDisk="false" /> <!-- 30 minutes --> <cache name="com.kobil.ssms.asm.entity.AsmDeviceType" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- one hour --> <cache name="com.kobil.ssms.asm.entity.AsmLittleDevice" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="1800" timeToIdleSeconds="300" overflowToDisk="false" /> <!-- half hour --> <cache name="com.kobil.ssms.asm.entity.AsmLittleDeviceProperty" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="1800" timeToIdleSeconds="1800" overflowToDisk="false" /> <!-- 30 minutes --> <cache name="com.kobil.ssms.asm.entity.AsmLittleSvmUsercertificate" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="1800" timeToIdleSeconds="1800" overflowToDisk="false" /> <!-- 30 minutes --> <cache name="com.kobil.ssms.asm.entity.AsmLittleVersion" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- two hour --> <cache name="com.kobil.ssms.asm.entity.AsmPushNotificationConfig" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- one hour --> <cache name="com.kobil.ssms.asm.entity.AsmSoftwareType" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- 2 Hours --> <cache name="com.kobil.ssms.asm.entity.AsmUser" maxElementsInMemory="10000" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- two hour --> <cache name="com.kobil.ssms.asm.entity.AsmVersion" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- two hour --> <cache name="com.kobil.ssms.asm.entity.AsmVersionUpdate" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- 2 Hours --> <cache name="com.kobil.ssms.asm.entity.AsmVirtualDevice" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="1800" timeToIdleSeconds="300" /> <!-- half hour --> <cache name="com.kobil.ssms.asm.entity.AsmApnsAuthenticationType" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- one hour --> <cache name="com.kobil.ssms.kernel.entity.KernelNode" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="3600" timeToIdleSeconds="300" overflowToDisk="false" /> <!-- one hour --> <cache name="com.kobil.ssms.kernel.entity.KernelRole" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="1800" timeToIdleSeconds="1800" overflowToDisk="false" /> <!-- 30 minutes --> <cache name="com.kobil.ssms.kernel.entity.KernelTextResource" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- 2 Hours --> <cache name="com.kobil.ssms.kernel.entity.KernelUser" maxElementsInMemory="2000" eternal="false" timeToLiveSeconds="600" timeToIdleSeconds="300" overflowToDisk="false" /> <!-- ten minutes --> <cache name="com.kobil.ssms.kernel.entity.KernelConfig" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- two hour --> <cache name="com.kobil.ssms.kernel.entity.KernelTenant" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- two hour --> <cache name="com.kobil.ssms.kernel.entity.KernelX509Certificate" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- two hour --> <cache name="com.kobil.ssms.kernel.entity.KernelX509CertificateExtension" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- two hour --> <cache name="com.kobil.ssms.kernel.entity.KernelGroupProperty" maxElementsInMemory="10000" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <cache name="com.kobil.ssms.kernel.entity.KernelUserProperty" maxElementsInMemory="10000" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <cache name="com.kobil.ssms.svm.entity.SvmKernelUser" maxElementsInMemory="10000" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- half hour --> <cache name="com.kobil.ssms.svm.entity.SvmIssuercertificate" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- two hour --> <cache name="com.kobil.ssms.svm.entity.SvmUsercertificate" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="1800" timeToIdleSeconds="1800" overflowToDisk="false" /> <!-- 30 minutes --> <cache name="org.hibernate.cache.StandardQueryCache" maxElementsInMemory="1000" eternal="false" timeToIdleSeconds="1800" timeToLiveSeconds="1800" overflowToDisk="false" diskPersistent="false" /> <!-- 30 minutes --> <cache name="org.hibernate.cache.internal.StandardQueryCache" maxElementsInMemory="1000" eternal="false" timeToIdleSeconds="1800" timeToLiveSeconds="1800" overflowToDisk="false" diskPersistent="false" /> <!-- 30 minutes --> <cache name="com.kobil.ssms.asm.entity.AsmTokenPolicy" maxElementsInMemory="500" eternal="false" timeToIdleSeconds="90000" overflowToDisk="false" diskPersistent="false" /> <cache name="org.hibernate.cache.spi.UpdateTimestampsCache" maxElementsInMemory="1000" eternal="true" overflowToDisk="false" diskPersistent="false" /> <cache name="query.asmAppVersion" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" /> <cache name="query.asmAppVersionUpdate" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" /> <cache name="query.asmPushNotificationConfig" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" /> <cache name="query.getFirmwareVersions" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" /> <!-- 2 Hours --> <cache name="query.HigherVersionsForFirmware" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" /> <!-- 2 Hours --> <cache name="query.kernelGroupProperty" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="7000" timeToIdleSeconds="7000"/> <!-- always less than the entities involved --> <cache name="query.kernelTextResources" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" /> <cache name="query.KernelUser.GetUserByLoginId" maxElementsInMemory="10000" eternal="false" timeToLiveSeconds="7200" /> <!-- 2 Hours --> <cache name="query.kernelUserProperty" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7000"/> <!-- always less than the entities involved --> <cache name="query.svmIssuerCertificate" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" /> <cache name="query.SvmKernelUser.GetUserByLoginId" maxElementsInMemory="10000" eternal="false" timeToLiveSeconds="7200" /> <!-- 2 Hours --> <cache name="query.svmUserCertificate" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="1800" /> <!-- 30 minutes --> <cache name="query.VersionUpdatesForApp" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" /> <!-- 2 Hours --> <cache name="query.VersionUpdateForFirmware" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" /> <!-- 2 Hours --> <cache name="query.getAllAsmTokenPolicies" maxElementsInMemory="10" eternal="false" timeToIdleSeconds="86400" /> <cache name="query.asmApnsAuthenticationType" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" /> <cache name="query.kernelConfig.massReactivation.config" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="7200" /> <cache name="query.KernelTenant.GetTenantByLoginId" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="7200" /> <!-- 2 Hours --> <cache name="query.KernelTenant.defaultTenant" maxElementsInMemory="1" eternal="false" timeToLiveSeconds="7200" /> <!-- 2 Hours --> <cache name="query.KernelTenant.masterTenant" maxElementsInMemory="1" eternal="false" timeToIdleSeconds="86400" /> <!-- 24 Hours; if there is no interaction with cache object, it will be invalidate. --> <cache name="query.KernelX509Certificate.getOperatorCert" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" /> <!-- two hour --> </ehcache> |
| EHCache Configuration for Services Nodes | Kubernetes (or OpenShift) ConfigMap "$ks.fullName-svc-ehcache-xml" | The ConfigMap needs to provide the ehcache-SVC.xml content under the key "ehcache-SVC.xml", analogous to how the ConfigMap would be created by this command (note that the filename must be ehcache-SVC.xml): kubectl create configmap $fullname-mgt-ehcache-xml -n $namespace --from-file ehcache-SVC.xml The default configuration is: <ehcache updateCheck="false" name="ssms_cache_svc"> <diskStore path="java.io.tmp" /> <defaultCache maxElementsInMemory="100" eternal="false" timeToIdleSeconds="600" timeToLiveSeconds="600" overflowToDisk="false" /> <!-- <cache name="org.hibernate.cache.StandardQueryCache" maxElementsInMemory="50" eternal="false" timeToLiveSeconds="120" overflowToDisk="false" /> --> <cache name="com.kobil.ssms.asm.entity.AsmClientType" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- two hour --> <cache name="com.kobil.ssms.asm.entity.AsmDevice" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="1800" timeToIdleSeconds="300" overflowToDisk="false" /> <!-- half hour --> <cache name="com.kobil.ssms.asm.entity.AsmDeviceProperty" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="1800" timeToIdleSeconds="1800" overflowToDisk="false" /> <!-- 30 minutes --> <cache name="com.kobil.ssms.asm.entity.AsmDeviceType" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- one hour --> <cache name="com.kobil.ssms.asm.entity.AsmLittleDevice" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="1800" timeToIdleSeconds="300" overflowToDisk="false" /> <!-- half hour --> <cache name="com.kobil.ssms.asm.entity.AsmLittleDeviceProperty" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="1800" timeToIdleSeconds="1800" overflowToDisk="false" /> <!-- 30 minutes --> <cache name="com.kobil.ssms.asm.entity.AsmLittleSvmUsercertificate" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="1800" timeToIdleSeconds="1800" overflowToDisk="false" /> <!-- 30 minutes --> <cache name="com.kobil.ssms.asm.entity.AsmLittleVersion" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- two hour --> <cache name="com.kobil.ssms.asm.entity.AsmPushNotificationConfig" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- one hour --> <cache name="com.kobil.ssms.asm.entity.AsmSoftwareType" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- 2 Hours --> <cache name="com.kobil.ssms.asm.entity.AsmUser" maxElementsInMemory="10000" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- two hour --> <cache name="com.kobil.ssms.asm.entity.AsmVersion" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- two hour --> <cache name="com.kobil.ssms.asm.entity.AsmVersionUpdate" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- 2 Hours --> <cache name="com.kobil.ssms.asm.entity.AsmVirtualDevice" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="1800" timeToIdleSeconds="300" /> <!-- half hour --> <cache name="com.kobil.ssms.asm.entity.AsmApnsAuthenticationType" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- one hour --> <cache name="com.kobil.ssms.kernel.entity.KernelNode" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="3600" timeToIdleSeconds="300" overflowToDisk="false" /> <!-- one hour --> <cache name="com.kobil.ssms.kernel.entity.KernelRole" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="1800" timeToIdleSeconds="1800" overflowToDisk="false" /> <!-- 30 minutes --> <cache name="com.kobil.ssms.kernel.entity.KernelTextResource" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- 2 Hours --> <cache name="com.kobil.ssms.kernel.entity.KernelUser" maxElementsInMemory="2000" eternal="false" timeToLiveSeconds="600" timeToIdleSeconds="300" overflowToDisk="false" /> <!-- ten minutes --> <cache name="com.kobil.ssms.kernel.entity.KernelConfig" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- two hour --> <cache name="com.kobil.ssms.kernel.entity.KernelTenant" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- two hour --> <cache name="com.kobil.ssms.kernel.entity.KernelX509Certificate" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- two hour --> <cache name="com.kobil.ssms.kernel.entity.KernelX509CertificateExtension" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- two hour --> <cache name="com.kobil.ssms.kernel.entity.KernelGroupProperty" maxElementsInMemory="10000" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <cache name="com.kobil.ssms.kernel.entity.KernelUserProperty" maxElementsInMemory="10000" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <cache name="com.kobil.ssms.svm.entity.SvmKernelUser" maxElementsInMemory="10000" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- half hour --> <cache name="com.kobil.ssms.svm.entity.SvmIssuercertificate" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7200" overflowToDisk="false" /> <!-- two hour --> <cache name="com.kobil.ssms.svm.entity.SvmUsercertificate" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="1800" timeToIdleSeconds="1800" overflowToDisk="false" /> <!-- 30 minutes --> <cache name="org.hibernate.cache.StandardQueryCache" maxElementsInMemory="1000" eternal="false" timeToIdleSeconds="1800" timeToLiveSeconds="1800" overflowToDisk="false" diskPersistent="false" /> <!-- 30 minutes --> <cache name="org.hibernate.cache.internal.StandardQueryCache" maxElementsInMemory="1000" eternal="false" timeToIdleSeconds="1800" timeToLiveSeconds="1800" overflowToDisk="false" diskPersistent="false" /> <!-- 30 minutes --> <cache name="com.kobil.ssms.asm.entity.AsmTokenPolicy" maxElementsInMemory="500" eternal="false" timeToIdleSeconds="90000" overflowToDisk="false" diskPersistent="false" /> <cache name="org.hibernate.cache.spi.UpdateTimestampsCache" maxElementsInMemory="1000" eternal="true" overflowToDisk="false" diskPersistent="false" /> <cache name="query.asmAppVersion" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" /> <cache name="query.asmAppVersionUpdate" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" /> <cache name="query.asmPushNotificationConfig" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" /> <cache name="query.getFirmwareVersions" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" /> <!-- 2 Hours --> <cache name="query.HigherVersionsForFirmware" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" /> <!-- 2 Hours --> <cache name="query.kernelGroupProperty" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="7000" timeToIdleSeconds="7000"/> <!-- always less than the entities involved --> <cache name="query.kernelTextResources" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" /> <cache name="query.KernelUser.GetUserByLoginId" maxElementsInMemory="10000" eternal="false" timeToLiveSeconds="7200" /> <!-- 2 Hours --> <cache name="query.kernelUserProperty" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="7200" timeToIdleSeconds="7000"/> <!-- always less than the entities involved --> <cache name="query.svmIssuerCertificate" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" /> <cache name="query.SvmKernelUser.GetUserByLoginId" maxElementsInMemory="10000" eternal="false" timeToLiveSeconds="7200" /> <!-- 2 Hours --> <cache name="query.svmUserCertificate" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="1800" /> <!-- 30 minutes --> <cache name="query.VersionUpdatesForApp" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" /> <!-- 2 Hours --> <cache name="query.VersionUpdateForFirmware" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" /> <!-- 2 Hours --> <cache name="query.getAllAsmTokenPolicies" maxElementsInMemory="10" eternal="false" timeToIdleSeconds="86400" /> <cache name="query.asmApnsAuthenticationType" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" /> <cache name="query.kernelConfig.massReactivation.config" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="7200" /> <cache name="query.kernelConfig.KernelPortalServices" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="7200" /> <!-- 2 Hours --> <cache name="query.KernelTenant.GetTenantByLoginId" maxElementsInMemory="1000" eternal="false" timeToLiveSeconds="7200" /> <!-- 2 Hours --> <cache name="query.KernelTenant.defaultTenant" maxElementsInMemory="1" eternal="false" timeToLiveSeconds="7200" /> <!-- 2 Hours --> <cache name="query.KernelTenant.masterTenant" maxElementsInMemory="1" eternal="false" timeToIdleSeconds="86400" /> <!-- 24 Hours; if there is no interaction with cache object, it will be invalidate. --> <cache name="query.KernelX509Certificate.getOperatorCert" maxElementsInMemory="100" eternal="false" timeToLiveSeconds="7200" /> <!-- two hour --> </ehcache> |