Sitemap

Configurations To Improve Application Performance

Discover how Pleasant Password Server will enhance KeePass for business

Password Server is an easy-to-use application that has grown in flexibility, stability, with powerful features and integrations. The addition of many new features has added some sophistication to an otherwise simple application.

With this added ability has come new configuration, new possibilities, and potential to speed-up or slow down the access your users will be expecting.

Here is a list of setup configuration, usage, and environmental factors that may enhance the performance of your implementation.

Browse the Questions & Categories below for improvements which best match your concerns or interest.

Areas of Concerns

  1. KeePass

    • Why is loading the Web client faster than KeePass for Pleasant?
      • The KeePass for Pleasant & Mobile clients loads folder & entry information at login time, so that future browsing and searching is quick. Only passwords are loaded as-needed.
      • Web browser client loads small amounts of information as it is needed, and so future searching and retrievals will also request information from the server at that time.
    • Why is the KeePass for Pleasant take longer than standard KeePass?
      • Additional User Management, Features, & Security that handles multiple users and roles,
      • Interaction with a centralized server & database across a network,
      • Added volume of information included in the password server database,...
      • ... along with strong Encryption & Decryption of information, all require significant processing and consumes server CPU and RAM.
    • Why is the KeePass for Pleasant search longer than the web client?
      • By default this option should be turned off: "Search for passwords in Quick Search".
        • It is found in Tools > Options > Interface > Quick Search (Toolbar).
    • Why does Auto-Type take awhile, when KeePass has been opened for awhile?
      • The KeePass for Pleasant application may have a short timeout which can be increased in the Timeout Policy
    • Having passwords be displayed as plain text can cause slowdown
      • To set this option open the Keepass Client - Tools > Options > Policy > check/uncheck "Unhide Passwords*"
        • There's also an option under Interface > Advanced > check/uncheck "Require Password repitition only when hiding using asteriks is enabled"
    • Print Group (Folder)
      • In some instances this operation can take a lot of time if there are a large number of passwords in the tree.
        • This takes a lot of time because we are attempting to fetch each individual password at the same time
      • A work around to speed this up will be to first do an offline cache, after which you should be able to Print the folder tree almost instantly.
    • Changing Entry Icons/Colors causes KeePass to lock up
      • Check to see if notifications are turned on. If this is the case please temporarily disable notifications while making these changes. 
  2. AD/LDAP

    • Do you have Directory Syncing enabled? Health Check? How often are they scheduled?
    • How large is your Directory and how spread out are the users and groups?
      • see recommendations: AD/LDAP structure (section below)
    • Do you have 1 particular Domain Controllers specified or is the AD/LDAP Domain specified?
    • Which port or you using? 386 or 3268 (global catalog)?
  3. Database

    • Are you using the default database or an upgraded database (e.g. MS-SQL, Postgres, Azure)
      • Updating to one of these will help handling larger installations
      • see: Upgrade the Database (section below)
  4. Amount of Data

  5. Folder Tree

  6. Admin Users / Regular Users

    • Are your Administrators able to login and navigate through the application at the same speed as your regular users?
      • We encourage administrative users with accounts that have access to a large amount of entries (> 20,000) to use Web Admin client when possible
      • Admin usage of KeePass for the desktop with very large databases (e.g. > 5,000 users) is not yet well supported. But in the future there will be an option to Load On Demand in this client as well.
      • see section below: Limit user access
  7. Duration

    • How long does it take to login? How long do other operations take?
  8. Server

    • Does your Server still meet the Hardware Requirements?
    • Sometimes it is tempting to add many different kinds of processes on the same Server. Is this case with your Server, or is the process isolated on your Server / VM?
  9. Network

    • How sophisticated is your network? Is there a difference if you run the applications locally on the Password Server, or if you login remotely or through a VPN?
      • Using the web client may be more performant in this situation

Configuration Improvements

Keep Software Updated

  • We have continued to add many performance improvements in recent versions.
    • KeePass Client Improvements: soon we will also be adding further improvements especially for the KeePass for Pleasant client. This will also be updated to reflect the latest KeePass version 2.38 enhancements.
  • Security concerns change quickly! We highly recommend keeping updated with recent versions of security software:
    • To keep Updated with Security Patches,
    • For Performance Improvements (especially for the KeePass desktop client), and
    • Additional New Features

  • It is a good IT practice to first Test new installations on Test Servers, especially when:
    • Migrating from an old version (especially if more than a year) or to the Latest version

Increase Logging Details: Server, Performance, & KeePass

  • It's possible to view if there are additional errors, or even the timing of how long operations take:

Folder Structure

  • Currently folder structures will perform slower if they have really large folders or are really deep (many nested folders)
    • Reduce the amount of items in any one folder (e.g. eliminate really gigantic folders)
    • Also, Folder trees only need to be between 2 and 10 levels deep, including the entries. Trim your tree so that it's not a really deep folder tree (e.g. 100 levels deep) with many nested folders (i.e. folder within a folder, within a folder, within a folder, etc., etc.)
  • This can be especially noticeable through the KeePass or mobile clients

Change Starting Folders

(Enterprise+)

  • The application defaults to loading user's information starting with the Root folder
  • Changing users' Starting Folders to the Favourites folder will perform quicker

Limit User access

  • Limit the number of folders/entries that most user have access to.
  • Use Roles to determine which users need access to which.

Cleanup Old Entries

  • Delete duplicate or older credentials and information no longer in use

Attachments

  • Reduce the amount & size of attachment files - set the maximum attachment size in the app settings.
    • The Attachment Report will show where these are located in your folder structure.
  • Especially beneficial for mobile client usage

LDAP/AD Directory

Active Directory itself is self-tuning and so should not require performance tuning. However, there are some structure/setup configurations on AD or in Password Server that are helpful.

  • Change Directory Sync Frequency

    • Recommendation: schedule the synchronization on only once or twice daily, outside business hours.

  • Limit the Directory Scope

    • The scope the Directory queries greatly impacts the performance:

      • Set the User Relative DN to the OU which directly contains only your Password Server Users
      • Set the Group Relative DN to the OU which directly contains only your Password Server Users Groups

  • Use a User Search Filter (Recommended)

    • Add an Additional Search Filter
    • Limit the Scope of your AD directory searches: so there are less users, groups, objects, & containers to search at login time
    • Note: This can make an especially big difference if your users are spread all over the AD tree.

  • Change the Host

    • If you are experience connection failures, you may consider making this change.
    • AD/LDAP provides failover - Our standard recommendation is to connect to the general Domain of the LDAP/AD directory and let LDAP/AD find the non-busy available Domain Controller.
    • The Structure of your Directory/Directories can have an impact:
      • Is your directory always connecting with the Primary Domain Controller, (which should have the Global Catalog)?
      • Does your directory connect to another controller, which does not have the permissions (or, does not have a Global Catalog)?
  • Use the Global Catalog

    • If Password Server is directly connecting to the Global Catalog for each Domain Controller, this will be faster.

      • Also, using port 3268 uses the Global Catalog (see next point)
  • Turn off Get Nested Groups (LDAP only)

    • Leaving the option for Get Nested Groups enabled can result in performance issues when interacting with the LDAP server

  • Change the Port
    • If your Directory structure is spread out, for example: you are using many Directories / Domain Controllers / Forest implementation. It may potentially experience some slowdowns, by having to look through the various domains.
      • Setting up your directory to use the port 3268 (or 3269 using SSL), will automatically point all queries to the Global Catalog. This would will work best if all Domain Controllers have a Global Catalog.

  • Add Health Check
    • Some customers may find that their firewall is quick to close connections to AD/LDAP.
    • By adding a scheduled Health Check every minute or more, this will send a keep-alive message to hold the connection open

Upgrade the Database

  • Upgrading to a PostgreSQL or MS-SQL database has been shown by some customers, to provide better performance.
  • If you have 50 - 100 or more users, you will experience performance improvements by upgrading.
  • Upgrade if you notice these:
    • have many concurrent users
    • notice users having trouble logging in
    • notice database locks in the logs
    • notice longer/variable wait time
  • For more information: see Upgrade your Database Type

Limit Long-Running Processes

  • Check that these Schedules are not creating strain during core usage times, which can also adversely affect other users:
    • Database Backups (once daily should be sufficient)
    • Running Reports / Report Schedules
    • Offline synchronizations
    • KeePass Imports / Exports

  • Generally it is best to not have these scheduled during the day if you are noticing strains.

Change your Policy Timeouts

  • Having overly short Timeouts in your Policy (for Logins or client OAuth Tokens) can also have an effect on Server performance as it effects the number of re-synchronizations that are hitting the server.
  • Increase the lockout time and rely on locking your workstation (as in, Windows Key + L) to reduce the number of re-syncs occurring.

Dedicated Server

  • It is optimal especially for larger numbers of users, to leave Password Server isolated running in its own space, away from other from other large applications, on a dedicated VM, Server, or Machine.
  • In addition to security concerns, adding additional third-party programs and services could come into conflict / competition for resources: network, CPU, & files.

Anti-Virus Scanning

  • In the very rare case, a machine anti-virus may create interference with the application, causing some degradation in performance or even locking/interfering with system files. Recommended options:
  • Known Anti-Virus past conflicts:

    • Kaspersky
    • McAfee

Use IIS Hosting

  • Hosting your application with IIS will provide a better, robust enterprise experience, especially with more concurrent users.
  • For more information: see Hosting with IIS

Disable Extra IIS Logging

  • A modification to this setting could help increase Server performance:
    • Disable traceFailedRequestsLogging in your PleasantPasswordManagerHost.config file
    • In IIS Express the default folder for this file is here:
      • %ProgramData%\Pleasant Solutions\Password Server\IISExpress

  • Note: if this is applicable to your installation / has not been already done

Please let Support know if you need further assistance or for additional comments/questions.

We are very interested in knowing your results!