Performance Fine Tuning Hints (Draft)

Owned by SasiKumar Ganesan
Feb 14, 2024
2 min read

This page contains the possible hints for performance tuning.

  • HSM - HSM plays a key role in most of the system. Ensure the HSM is not overloaded. SoftHSM is not a production-grade setup. This should be avoided in the production setup.

  • Keycloak - Keycloak is the main authorization server for all our microservices. All the internal calls happen only if Keycloak has the right authorization. Overloading the Keycloak with multiple sessions could result in performance degradation of the entire system. So please validate the Keycloak active session. The number of sessions should match the number of microservices (pods) deployed

  • S3 - S3 services are used to store and retrieve packets/biometrics. During the processing of packets, the data in the S3 is cached for better performance. If S3 is slow or Cache is not deployed you would receive thread blocks randomly across the registration processor.

  • Index - Ensure you have applied all the respective indexes for your setup. Watch out for slow queries in your Postgres setup. Ensure to use Citus/any of the Postgres pooling solution

  • Archive tables - As you continue to use MOSIP some of the tables tend grow larger in size. The archive script from MOSIP provides you with the ability to archive records from tables that need store information online. Use the script effectively and move the archived data to your backups so the Database stays light.

  • Large tables - Despite archival, some of the tables continue to grow. IDRepo and IDA are one such example. As these tables store certain form of biometrics they outgrow the limits faster. Use CITUS to shard the table (Very similar to partition).

  • Overloaded - Ensure the CPU & Memory usage of the bare-metal or VM. Service could restart if the necessary memory & CPU are not allocated. Sometimes under heavy load, you may see multiple restarts. Please ensure a good amount of resources are provided this will reduce the restarts.

  • Field Operation - If the inflow of packets is too high then it may help to regulate the packets by stopping all the inflow at a secure notification zone and using the reprocessor to process all packets. This approach allows for any number of packets to be uploaded while the processing happens at a regular speed.

  • Packet upload - Regularly update the packets to the server. Do not force everyone to upload during a specific time. Some field SOP’s ask for the upload of packets as an end-of-day process. This leads to a storm of packets uploaded to the server. To avoid this the default registration client is setup to upload packets continuously when connected online.