Nfuse Elite Tuning Tips and Tricks
Jason Maynard
Systems Engineer
Citrix Systems
09/30/2002
Beta Document v0.80
Tip / Details / More Information / .reg / Applies ToAlways use NTFS / No NTFS, no file level permissions or auditing. Since all users on the system have access to your OS files, you want to make sure you can secure them from accidental or malicious tampering. / To convert a file system to NTFS, from a command prompt: CONVERT [volume] /FS:NTFS [/V]
[volume]: Specifies the drive letter followed by a color, mount point or volume name.
/v: Runs the CONVERT process in verbose mode. / All NFE Components
Install only required network
components and protocols. / More protocols and components = more overhead and complexity. / All NFE Components
Install all OS software components prior to service packs and hot fixes / Be sure all necessary Win2k components, services and device drivers are installed prior to installing any Microsoft OS service packs or hotfixes. / / All NFE Components
Fully hot fix and service pack the server prior to installing NFE. / After all OC components, services, and device drivers are installed and functioning properly, fully service pack and hotfix the server. It is crucial that all pertinent security and performance fixes and enhancements are complete prior to installing NFE. / / OPEN / All NFE Components
Windows Media Service, unnecessary IIS components. / Unnecessary services can impact reliability and performance. Where possible, disabling them can have a positive impact on these factors. Stop and disable these services where applicable:
- Windows Media Services
- Other Unnecessary IIS components (NNTP, FTP, VIRAD, SMTP, FPSE, etc)
- Messenger Service (if pop-ups aren’t needed)
- Plug and Play Service (if PnP hardware isn’t used)
- TCP/IP NetBIOS Helper Service (if LMHOSTS isn’t used)
- Indexing Service – optional for Web servers
- Alerter Service (for memory hungry servers)
- Messenger Service (for memory hungry servers)
- File Replication Service
Prevent last access time stamp from
being updated on NTFS partitions. / When Windows accesses a directory on an NTFS volume, it updates the LastAccess time stamp on each directory it detects. Therefore, if there are a large number of directories, this can affect performance. / System Key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
Value Name: NtfsDisableLastAccessUpdate
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disable, 1 = enable) / OPEN
OPEN / Web Server and State Server
Ensure that the SERVER service istuned properly. / Setting this to “Maximize Throughput for Network Apps” optimizes performance for I/O and WINSOCK intensive applications (Agent servers) on systems that aren’t memory starved. Setting this to “Maximize data throughput for File Sharing” optimizes the server to dedicate as many resources as possible for file access/sharing based applications (State Server). Setting this to “Balance” does just that, it provides a balance of resources for servers that do both I/O intensive services as well as file sharing-based activities (Web Server) For systems that are memory starved and/or don’t run ANY I/O or WINSOCK intensive apps, “Minimize
Memory Used” is the best. (???) / Open the properties of the pertinent network connection, then the
properties of ‘File and Print Sharing for Microsoft Networks’. / All NFE Components may require a different setting
Disable paging of the NT Executive / Even on a system with a large amount of memory, NT will page out portions of the Executive in order to maximize available memory for apps. Disabling paging can improve OS performance when RAM isavailable. / [HKEY_LOCAL_MACHINE\SYSTEM\Current
ControlSet\Control\Session Manager\Memory Management]
“DisablePagingExecutive”=dword:00000001 / OPEN / All NFE Components
Hard code L2 cache specification / For processors that use direct mapped L2 cache (PII and later don’t), manually setting this entry can yield some performance improvements.The OS attempts to retrieve the amount of cache from the HAL on the server. If it cannot get a value, it defaults to 256k.
See Q228766 and Q183063 for details. / [HKEY_LOCAL_MACHINE\SYSTEM\Current
ControlSet\Control\Session Manager\Memory Management]
“SecondLevelDataCache”=dword(size in KB or zero) / OPEN / All NFE Components
Set Tcp1323Opts to enable large TCP window support / Tcp1323Opts is a necessary setting in order to enable Large TCPWindow support as described in RFC 1323. Without this parameter, the TCPWindow is limited to 64K. / HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Tcp1323Opts="1"
(DWORD, recommended setting is 1. The possible settings are 0 - Disable RFC 1323 options, 1 - Window scaling but no Timestamp options, 3 - Window scaling and Time stamp options.)
Note: Tcp1323Opts="3" might help in some cases where there is increased packet loss, however generally you'll achieve better throughput with Tcp1323Opts="1", since Timestamps add 12 bytes to the header of each packet. / OPEN / Web Server
Specify adapter specific TCP Receive Window Size / This parameter determines the maximum TCP receive window size offered by the system. The receive window specifies the number of bytes a sender may transmit without receiving an acknowledgment. In general, larger receive windows will improve performance over high delay, high bandwidth networks. Reducing the TCP Window size effectively causes an acknowledgment to be sent to the sender for data received sooner. This will lower the possibility that the sender will time out while waiting for an acknowledgment. However it will also increase the amount of network traffic and cause slower throughput. Note: For best results RWIN has to be a multiple of MSS lower than 65535 times a scale factor that's a power of 2, i.e. 44 x 1460 = 64240 x 2^2 = 256960. / System Key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
Value Name: TcpWindowSize
Data Type: REG_DWORD (DWORD Value)
Value Data: 0 - 0xFFFF (default = 8760 for Ethernet) / OPEN / All NFE Components
Specify System-wide TCP Receive Window Size / The TcpWindowSize parameter can be used to set the receive window on a per-interface basis. This parameter can be used to set a global limit for the TCP window size on a system-wide basis.Note: For best results RWIN has to be a multiple of MSS lower than 65535 times a scale factor that's a power of 2, i.e. 44 x 1460 = 64240 x 2^2 = 256960. / System Key: [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters]
Value Name: GlobalMaxTcpWindowSize
Data Type: REG_DWORD (DWORD Value)
Value Data: 0–0x3FFFFFFF / OPEN / All NFE Components
Change the Maximum Transmission Unit (MTU) Size / This parameter specifies the Maximum Transmission Unit (MTU) for a network interface. By optimizing the MTU setting you can gain substantial network performance increases.
In Dos Prompt, type
ping -f -l [packetsize] [gateway or ISP]
where [packetsize] is the amount of data you want to send ( between 0 and 1500 ) and [gateway or ISP] is your gateway/router/ISP’s gateway IP address (you can also use your gateway, or any server your connection always passes through instead). The largest value that does not give you the error "Packet needs to be fragmented, but DF set" will be your ISP's MTU - 28 (excluding the IP [20 bytes] and ICMP [8 bytes] header), depending on how the server is set. Use the following table to interpret the number you received and determine your ISPs MTU:
Largest non-fragmented value / Your ISP's MTU (what you should use) / Description
1472 / 1500 / Used for Ethernet, 1472+28=1500
1468 / 1496 / The Ethernet standard is actually 1496, although 1500 is widely used for simplicity
1464 / 1492 / The largest possible MTU on PPPoE connections is 1492
548 / 576 / 576 is widely used for dial-up modems...
some other <number> / either use 1500, the <number> you got, or <number>+28. / you might want to check your Registry, your own MaxMTU setting could be the limiting factor if it is set too low.
/ System Key: [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\
Interfaces\[Adapter ID]]
Value Name: MTU
Data Type: REG_DWORD (DWORD Value)
Value Data: Default = 0xffffffff / Web Server
Enable UDMA66 Mode on Intel Chipsets / If you have a computer with an Intel chipset that supports UDMA66, you will still find that UDMA66 mode is disabled by default on Windows 2000 computers. This tweak allows you to enable or disable it. Note: Before you enable UDMA66 mode make sure that the device supports UDMA66 mode and use an 80-pin IDE cable with the proper pin cut. / System Key: [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\
{4D36E96A-E325-11CE-BFC1-08002BE10318}\0000]
Value Name: EnableUDMA66
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disabled, 1 = enabled) / OPEN / All NFE Components
Enable the Network Adapter Onboard Processor / If your network adapter has an onboard processor, designed to offload network processing from the system CPU, it is disabled by default. This setting allows you to enable it and increase the processing speed of your system. / System Key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
Value Name: DisableTaskOffload
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = Use NIC Processor, 1 = Disable NIC Processor) / OPEN / All NFE Components
Optimize Windows TCP/IP Connection Retransmissions / This parameter determines the number of times TCP will retransmit a connect request (SYN) before aborting the attempt. The retransmission timeout is doubled with each successive retransmission in a given connect attempt. This tweak will only be used as a possible response to severe packet loss. / System Key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
Value Name: TcpMaxConnectRetransmissions
Data Type: REG_DWORD (DWORD Value)
Value Data: 0 - 0xFFFFFFFF (Default = 3) / OPEN / All NFE Components
Automatically Reboot on the 'Blue Screen of Death' / Windows will usually freeze when getting a dreaded 'Blue Screen of Death' (BSOD). Changing this setting will force Windows to automatically reboot when it crashes instead. / System Key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]
Value Name: AutoReboot
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disabled, 1 = enabled) / OPEN / All NFE Components
Load Balance Network Adapters / If you have two or more network cards in your system this setting allows you to distribute the number of connections, or sessions among the adapters according to a randomizing algorithm. / System Key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
Value Name: RandomAdapter
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disabled, 1 = enabled) / OPEN / Web Server
Specify the Default Time to Live for TCP/IP Packets / Specifies the default Time To Live (TTL) value set in the header of outgoing IP packets. The TTL determines the maximum amount of time an IP packet may live in the network without reaching its destination. It is effectively a limit on the number of routers an IP packet may pass through before being discarded. In most cases, setting this to 64 hops can provide optimal performance. / System Key: [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters]
Value Name: DefaultTTL
Data Type: REG_DWORD (DWORD Value)
Value Data: 1-255 hops / OPEN / All NFE Components
Change the TIME_WAIT Timeout to Increase Connections / Determines the time that must elapse before TCP can release a closed connection and reuse its resources. This interval between closure and release is known as the TIME_WAIT state or 2MSL state. During this time, the connection can be reopened at much less cost to the client and server than establishing a new connection.RFC 793 requires that TCP maintains a closed connection for an interval at least equal to twice the maximum segment lifetime (2MSL) of the network. When a connection is released, its socket pair and TCP control block (TCB) can be used to support another connection. By default, the MSL is defined to be 120 seconds, and the value of this entry is equal to two MSLs, or 4 minutes. However, you can use this entry to customize the interval.Reducing the value of this entry allows TCP to release closed connections faster, providing more resources for new connections. However, if the value is too low, TCP might release connection resources before the connection is complete, requiring the server to use additional resources to reestablish the connection. The default is 240 seconds which on a busy server will limit the maximum connections to around 200/sec. Reducing this setting will increase the maximum connection limit. A recommended value to try is 100 seconds. / System Key: [HKEY_LOCAL_MACHINE\System\CurrectControlSet\Services\Tcpip\Parameters]
Value Name: TcpTimedWaitDelay
Data Type: REG_DWORD (DWORD Value)
Value Data: 30-300 seconds (decimal) / OPEN / All NFE Components
Tune the size of the IIS5 data cache / IIS 5 uses an in-memory cache to hold objects that are accessed most frequently. It's faster to serve up an object out of physical RAM than it is to fetch it from disk, of course. But if you're serving up data that is constantly being changed or updated, and you need to devote more room on your server to the processing of queries, you can change the size of the IIS cache. Performance data coming soon. The default is calculated by Windows NT/2000 as 50% of available memory. / HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Inetinfo \Parameters\ MemCacheSize (REG_DWORD)
(size set in megabytes) / OPEN / Web Server
Tune/enable Bandwidth Throttling for the Default Web Site / Bandwidth throttling lets you control the amount of bandwidth used for static objects (HTML pages and images)Since this controls bandwidth utilization for the WWW service, and not intra-farm communication, you may want to experiment with setting a maximum calculated value of 50% or total bandwidth, thus leaving plenty of headroom for communication with the rest of the Portal farm. / To throttle the bandwidth for the Default Site, right-click on its icon in the IIS console, select Properties, choose the Performance tab, select "Enable Bandwidth Throttling," and type in the maximum number of kilobytes per second (KBps) you want to allow. / Web Server
Accurately set Performance Tuning settings based on hits per day / This setting is used to control memory allocation and file caching based on number of expected hits per day. With NFE it is important to remember, that every CDS request that required the rendering of content is viewed as a “hit”. Therefore set this setting appropriately. / To set the Hit Ware Performance Tuning setting, right-click on its icon in the IIS console, select Properties, choose the Performance tab and move the slider to the range that most accurately described your monitored usage. If this is a new portal, start with the “Fewer than 10,000” setting. / Web Server
Tune/enable process throttling of maximum allowed CPU usage / Process throttling lets you control the amount of CPU bandwidth used for the rendering and requests of the Default Web Site. Since this controls CPU utilization for the WWW service, and not intra-farm communication, you may want to experiment with this setting in efforts to leave plenty of CPU cycles for other NFE services and farm communication. / To enable process throttling, right-click on its icon in the IIS console, select Properties, choose the Performance tab, and place a check in the “Enable process throttling” check box. If the Web server is stand alone, try a setting of 50%. If the Web Server service coexists with other NFE services on the same box, you may want to try a setting of 33% or lower. If the “Enforce Limits” box is not checked, the only consequence is that an event is written to Event Log with the assigned limit is exceeded. Checking “Enforce Limits” is recommended. / Web Server
Properly set/tweak “LargeSystemCache” on Windows 2000 Servers. / When enabled (the default on some Server versions of Windows 2000), this setting tells the OS to devote all but 4 MB of system memory (which is left for disk caching) to the file system cache. The main effect of this is allowing the computer to cache the OS Kernel to memory, making the OS more responsive. The setting is dynamic and if more than 4 MB is needed from the disk cache for some reason, the space will be released to it. By default, 8MB is earmarked for this purpose. This tweak usually makes the OS more responsive. It is a dynamic setting, and the kernel will give up any space deemed necessary for another application (at a performance hit when such changes are needed).As with the previous key, set the value from 0 to 1 to enable. Note that in doing this, you are consuming more of your system RAM than normal. While LargeSystemCache will cut back usage when other apps need more RAM, this process can impede performance in certain intensive situations. According to Microsoft, the "[0] setting is recommended for servers running applications that do their own memory caching, such as Microsoft SQL Server, and for applications that perform best with ample memory, such as Internet Information Services." This setting should be DISABLED for SQL Datastores, Web Servers. It should be ENABLED for State Servers (when a dedicated machine is used) and Agent Servers (when a dedicated machine is used). / Key:HKLM/System/CurrentControlSet/Control/Session Manager/Memory Management
Name: LargeSystemCache
Data Type: REG_DWORD
Value: 0 disables, 1 enables / OPEN / All NFE Components