SungHoon_Kim

How to ensure there is sufficient entropy for SiteMinder Policy Server

Blog Post created by SungHoon_Kim Employee on Sep 23, 2015

The SiteMinder documentation instructs you to perform the following.

 

How to Prepare for the Policy Server Installation

(Red Hat Linux) The Red Hat operating system relies on entropy for performance. Increase entropy before installing the component. Without sufficient entropy, the installation can take an exceedingly long time to complete. Use the following commands:

mv /dev/random /dev/random.original
ln -s /dev/urandom /dev/random

 

A read from /dev/random blocks when there is insufficient entropy and resumes only once enough has been gathered, whereas /dev/urandom does not block.

More info here: https://en.wikipedia.org/wiki//dev/random

 

What I usually do is make use of the random number generator daemon instead.

 

# vi /etc/sysconfig/rngd

Edit:

# Add extra options here
# The following means that every 5 seconds the entropy will be replenished to 4096.
# The advice is to "cat /proc/sys/kernel/random/entropy_avail" every second to see how
# much demand there is for random numbers and adjust "-t" or "-W" to accommodate
# the demand.
EXTRAOPTIONS="-i -o /dev/random -r /dev/urandom -t 5 -W 4096"

# service rngd start
# chkconfig rngd on

 

The options above replenish a bucket of 4096 random numbers every 5 seconds, and the chkconfig command sets the service to start automatically.

 

Check how much entropy is currently available:

          # cat /proc/sys/kernel/random/entropy_avail

 

Before this configuration change, there would usually be around 1000 at the high end and around 100 at the low end.

 

Note: Newer Policy Server installations may check for the symbolic link to /dev/urandom as instructed in the documentation. In that case, you will need to follow the documentation and create the symbolic link; otherwise the installation cannot continue. You can revert the configuration after that.
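
The advice above (watch entropy_avail every second before tuning -t and -W, and revert the /dev/random symlink once the installer has finished) written as a script. This is an added example, not part of the original post; ENTROPY_FILE, LOW_MARK and the function names are assumptions.

```shell
#!/bin/sh
# Added example: measure entropy demand and check the /dev/random workaround.
# ENTROPY_FILE, LOW_MARK and all function names are assumptions of this sketch.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
LOW_MARK="${LOW_MARK:-200}"   # constructed threshold; tune per host

# Print COUNT readings of the kernel entropy estimate, INTERVAL seconds apart.
sample_entropy() {
    count="$1"; interval="${2:-1}"; i=0
    while [ "$i" -lt "$count" ]; do
        cat "$ENTROPY_FILE" || return 1
        i=$((i + 1))
        if [ "$i" -lt "$count" ]; then sleep "$interval"; fi
    done
}

# Read one reading per line on stdin; print count, min, avg, max and how many
# readings fell below LOW_MARK (the moments a /dev/random reader may stall).
summarize_entropy() {
    awk -v low="$LOW_MARK" '
        /^[0-9]+$/ {
            n++; sum += $1
            if (n == 1 || $1 < min) min = $1
            if (n == 1 || $1 > max) max = $1
            if ($1 < low) below++
        }
        END {
            if (n == 0) { print "samples=0"; exit 1 }
            printf "samples=%d min=%d avg=%d max=%d below_%d=%d\n",
                   n, min, sum / n, max, low, below
        }'
}

# Report whether DEV is still the installer symlink or the real device node.
random_dev_state() {
    dev="${1:-/dev/random}"
    if [ -L "$dev" ]; then
        echo "symlink -> $(readlink "$dev")"
    elif [ -c "$dev" ]; then
        echo "chardev"
    else
        echo "missing-or-unexpected"
    fi
}

# Run only when a sample count is given, e.g.: sh entropy_check.sh 60
if [ -n "${1:-}" ]; then
    sample_entropy "$1" 1 | summarize_entropy
    echo "/dev/random: $(random_dev_state /dev/random)"
fi
```

Because rngd is fed from /dev/urandom here, a higher reading means more entropy was credited to the pool, not that new randomness was gathered, so treat the numbers as a measure of blocking risk. On Linux 5.6 and later /dev/random no longer blocks once the pool is initialised, so the reading says little about demand there.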
