|
Related Topics:
| AspBufferingLimit and impact on server performance - I've increased the max buffer to 40MB to upload and download files using ASP Stream). I'm wonder what kind of impact this have on the server It seems that the only impact is the potential page with infinite loop and not..
IIS 6.0 Worker Processes - impact to server during recycle? - I'd like to set my worker processes to recycle at 3am every day. My question - how long does it take to recycle? Will my web server be during the time it tkaes to recycle?
Connecting to Https is too slow form internet for IIS 6.0 - Does anyone who can help me to figure the following problem: First I set my web site to accept https only. It works in intranet is fine; however, when I try to connect it from internet, it takes me almost 1 minute to I've
IISState Analysis - IIS stops serving ASP pages. Maybe possible memory leak or memory? Opened log file Starting new log output IISState version 3.3.1 Sat Oct 30 18:45:20 2004 OS = Windows 2000..
IISState Analysis - IIS stops serving asp pages. Maybe a memory leak
|
|
|
Next: what does internap do ?
|
| Author |
Message |
External
Since: Nov 14, 2007
Posts: 6
|
(Msg. 1) Posted: Wed Nov 14, 2007 9:42 am
Post subject: Impact of SSL
Archived from groups: microsoft>public>inetserver>iis, others (more info?)
|
|
|
Hello all,
I administer servers that run a busy web application. The IIS servers
are load balanced, currently Windows 2000 Advanced Server but upgrading
to 2003 very soon.
At the moment, only the login process is always secured. A fully SSL
secured session is an optional extra that the user can choose at logon.
We're looking to move to forcing SSL across the whole application and
removing the possibility of a plain HTTP session.
We need to be sure that we still have the capacity to cope after the
switchover. Does anyone know what kind of performance/capacity impact
this might have on our webservers? I guess it's probably hard to gague
without some kind of stress testing tool - can anyone recommend anything?
Thanks in advance,
--
Chris M.
Remove pants to email me. |
|
| Back to top |
|
 | |
External
Since: Aug 23, 2003
Posts: 3041
|
(Msg. 2) Posted: Thu Nov 15, 2007 12:59 am
Post subject: Re: Impact of SSL [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
With Windows Server 2003 SP1, you can enable kernel-mode SSL. This moves the
most expensive part of the SSL/TLS process (the handshake) into kernel mode,
and removes a number of context switches between user mode (LSASS) and
kernel mode (http.sys). With that, you can expect about a 10% degradation in
performance. That number varies depending on how long your key lengths are
(stronger keys = more overhead), and what ratio of session setup /
established sessiont traffic you have.
If you are running into performance issues, yuo could just add another box.
Or look at an SSL offloading device to place in front of your servers.
Cheers
Ken
"Chris M" <News RemoveThis @mckeownpants-online.com> wrote in message
news:fheg0t$tra$1@aioe.org...
>
> Hello all,
>
> I administer servers that run a busy web application. The IIS servers are
> load balanced, currently Windows 2000 Advanced Server but upgrading to
> 2003 very soon.
>
> At the moment, only the login process is always secured. A fully SSL
> secured session is an optional extra that the user can choose at logon.
>
> We're looking to move to forcing SSL across the whole application and
> removing the possibility of a plain HTTP session.
>
> We need to be sure that we still have the capacity to cope after the
> switchover. Does anyone know what kind of performance/capacity impact this
> might have on our webservers? I guess it's probably hard to gague without
> some kind of stress testing tool - can anyone recommend anything?
>
> Thanks in advance,
>
> --
> Chris M.
>
> Remove pants to email me. |
|
| Back to top |
|
| |
External
Since: Nov 14, 2007
Posts: 6
|
(Msg. 3) Posted: Thu Nov 15, 2007 7:59 am
Post subject: Re: Impact of SSL [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Ken Schaefer wrote:
> With Windows Server 2003 SP1, you can enable kernel-mode SSL. This moves
> the most expensive part of the SSL/TLS process (the handshake) into
> kernel mode, and removes a number of context switches between user mode
> (LSASS) and kernel mode (http.sys). With that, you can expect about a
> 10% degradation in performance. That number varies depending on how long
> your key lengths are (stronger keys = more overhead), and what ratio of
> session setup / established sessiont traffic you have.
>
> If you are running into performance issues, yuo could just add another
> box. Or look at an SSL offloading device to place in front of your servers.
>
> Cheers
> Ken
Thanks Ken,
I'll be looking at hardware SSL devices today to see what sort of cost
we should expect.
Cheers,
Chris.
> "Chris M" <News DeleteThis @mckeownpants-online.com> wrote in message
> news:fheg0t$tra$1@aioe.org...
>>
>> Hello all,
>>
>> I administer servers that run a busy web application. The IIS servers
>> are load balanced, currently Windows 2000 Advanced Server but
>> upgrading to 2003 very soon.
>>
>> At the moment, only the login process is always secured. A fully SSL
>> secured session is an optional extra that the user can choose at logon.
>>
>> We're looking to move to forcing SSL across the whole application and
>> removing the possibility of a plain HTTP session.
>>
>> We need to be sure that we still have the capacity to cope after the
>> switchover. Does anyone know what kind of performance/capacity impact
>> this might have on our webservers? I guess it's probably hard to gague
>> without some kind of stress testing tool - can anyone recommend anything?
>>
>> Thanks in advance, >> Stay informed about: Impact of SSL |
|
| Back to top |
|
| |
External
Since: Nov 16, 2007
Posts: 1
|
(Msg. 4) Posted: Fri Nov 16, 2007 6:53 am
Post subject: Re: Impact of SSL [Login to view extended thread Info.]
Archived from groups: microsoft>public>inetserver>iis, others (more info?)
|
|
|
On Nov 14, 8:47 pm, "Ken Schaefer" <kenREM....DeleteThis@THISadOpenStatic.com>
wrote:
> With Windows Server 2003 SP1, you can enable kernel-mode SSL. This moves the
> most expensive part of the SSL/TLS process (the handshake) into kernel mode,
> and removes a number of context switches between user mode (LSASS) and
> kernel mode (http.sys). With that, you can expect about a 10% degradation in
> performance. That number varies depending on how long your key lengths are
> (stronger keys = more overhead), and what ratio of session setup /
> established sessiont traffic you have.
>
> If you are running into performance issues, yuo could just add another box.
> Or look at an SSL offloading device to place in front of your servers.
>
> Cheers
> Ken
>
> "Chris M" <N....DeleteThis@mckeownpants-online.com> wrote in message
>
> news:fheg0t$tra$1@aioe.org...
>
>
>
>
>
> > Hello all,
>
> > I administer servers that run a busy web application. The IIS servers are
> > load balanced, currently Windows 2000 Advanced Server but upgrading to
> > 2003 very soon.
>
> > At the moment, only the login process is always secured. A fully SSL
> > secured session is an optional extra that the user can choose at logon.
>
> > We're looking to move to forcing SSL across the whole application and
> > removing the possibility of a plain HTTP session.
>
> > We need to be sure that we still have the capacity to cope after the
> > switchover. Does anyone know what kind of performance/capacity impact this
> > might have on our webservers? I guess it's probably hard to gague without
> > some kind of stress testing tool - can anyone recommend anything?
>
> > Thanks in advance,
>
> > --
> > Chris M.
>
> > Remove pants to email me.- Hide quoted text -
>
> - Show quoted text -
I did a series of tests back in 2003 on Server 2003 and measured the
perf impact of encrypting the data stream as something around 5%. This
is pure CPU overhead as there was no other measurable or observed
impact. This discounts the cost of doing the handshake, but that
matches your scenario since you are doing the handshake already during
authentication.
HTH,
Dave >> Stay informed about: Impact of SSL |
|
| Back to top |
|
| |
|
FAQ
Search
Profile
Private Messages
Log in
