The services in Notakey Appliance are by default configured for small user number and minimal resource usage as defined by minimal requirements. If you see that more hardware resources (RAM, CPU) are required, chances are that some fine tuning of the actual services that you are using will be required, as more hardware resources will not be used effectively with default configuration. 


Authentication Service  (NtkAS)

Authentication service provides API endpoint for mobile devices and authentication service consumer API. 


Configure scaling parameters

# configure 5 child processes, each with maximum 128 threads
# remember to combine custom_params with comma, if any are present before
ntk cfg set :nas.custom_params \
 "RAILS_MIN_THREADS=16,RAILS_MAX_THREADS=128,WEB_CONCURRENCY=5"


Enable REDIS cache for NtkAS

Replace IP address with your local config.

ntk cfg setc :nas.caching 1
ntk cfg setc :nas.redis_url "redis://10.0.1.98:6379/cache"
ntk as restart


See this tech note for more information about REDIS setup.


SSO service (NtkSSO)

Provides a SAML endpoint, both as service provider and identity provider. 


Configure scaling parameters

# configure 50 child processes
# remember to combine custom_params with comma, if any are present before
ntk cfg set :sso.custom_params "FPM_MAX_CHILDREN=50"

Enabling REDIS store backend

Module configuration

ntk cfg set :sso.base.\"store.type\" "redis"
# This should be VRRP VIP configured for redis service
ntk cfg set :sso.base.\"store.redis.host\" "10.0.1.98"


Verify that store is being populated with:

docker exec -it redis redis-cli -n 0
> keys sso.*


See this tech note for more information about REDIS setup.