| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| WMQ 6 \ SSL Performance on Win & Solaris |
« View previous topic :: View next topic » |
| Author |
Message
|
| hopsala |
 Posted: Sat Nov 01, 2008 12:57 am Post subject: WMQ 6 \ SSL Performance on Win & Solaris |
 |
|
Guardian
Joined: 24 Sep 2004
Posts: 960
|
Hi,
I've been trying to find details about how SSL affects channel performance in Windows XP and Solaris for various cipher suites, but could find very little data, and out of date at that. All I could find here is the following:
http://www.mqseries.net/phpBB2/viewtopic.php?t=32327
http://www.mqseries.net/phpBB2/viewtopic.php?t=12547
http://www.mqseries.net/phpBB2/viewtopic.php?t=9035
http://www.mqseries.net/phpBB2/viewtopic.php?t=12547
...Which maintain inconsistent results, mainly because critical test specs are missing, such as cpu strength, message size, persistency etc.
The only solid data I could find was in the WebSphere MQ for z/OS V6.0 Performance Report, according to which SSL causes up to 50% increase in CPU for small messages, and up to 400% (!) increase in CPU for large messages (>1M). But zOS is a very different OS with unique HW, so I am wary in using this data in evaluating SSL's impact on open systems.
Does anyone have information about this? a link, or home-research results?
Cheers,
Hop |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Sat Nov 01, 2008 5:12 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
I would suggest you do your own testing. Results vary vastly depending on hardware. If you have a crypto processor installed or if the software has to do the crypto layers etc... All crypto protocols / suites are not equal. So depending on your crypto suite provider you may have differences...
Enjoy 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| mqjeff |
| Posted: Sat Nov 01, 2008 5:49 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| Also, the results vary drastically based on the cipherspec you choose. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Sat Nov 01, 2008 7:58 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
This is not so much an MQ issue as an SSL issue. Go to Mr. Google and search for SSL+performance. There are a variety of references, including the o/s-specific ones.
The z/OS Performance Report pretty clearly indicates that SSL imposes cpu overhead as compared to non-SSL. Mainframes usually have abundand horsepower (compared to midrange servers).
As with any business decision discussion point, SSL provides a valuable benefit; and for every valuable benefit there is an associated cost.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| hopsala |
| Posted: Sat Nov 01, 2008 11:42 pm Post subject: |
|
|
Guardian
Joined: 24 Sep 2004
Posts: 960
|
All that you say here I know and agree with. I didn't think i'd find a magic figure which fits all scenarios and all cipher suites. I thought, however, i'd be able to find something that can help me give an estimate, according to different cipher suites and message sizes, like the zOS performance report does.
Alas, no such luck! I'll just have to surmise based on the zOS report and general (non-mq) SSL statistics; time willing, I'll perform some benchmarks later on and post them here.
| bruce2359 wrote: |
| This is not so much an MQ issue as an SSL issue. Go to Mr. Google and search for SSL+performance. There are a variety of references, including the o/s-specific ones. |
Agreed, but the question is how 'standard' is MQ's implementation of SSL and whether it is significanlty slower/faster than 'regular' cases due to misc under-the-hood reasons. To repharse saper, not all SSL implementations were created equal... |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Sun Nov 02, 2008 7:38 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
We all appreciate your frustration on this. But, you are asking exactly how will SSL affect your WMQ message channel performance for an unspecified and often dynamic environment.
The simple answer is that SSL has a negative performance impact. SSL is labor-intensive - more so in the handshake, less so in actual data flow. How much is dependent on all the variables that comprise what SSL does, the hardware configurations, how efficiently the o/s dispactches SSL tasks, and the capacity and reliability of the network that exists between the two channel ends.
WMQs implementation of SSL is pretty standard. You can turn it on and off with a channel attribute. So, it's relatively easy to benchmark the various message sizes, and the channel attributes that affect SSL.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| hopsala |
| Posted: Sun Nov 02, 2008 9:24 am Post subject: |
|
|
Guardian
Joined: 24 Sep 2004
Posts: 960
|
Actually, I wasn't looking for exact figures, only for rough estimates - my apologies if I gave the wrong impression; besides, general estimates can go a long way. For example, though I knew from experience that different suites had a different impact, I had no notion as to how much, and the zOS report gave me a general figure - namely, that some suites are 4 times more cpu-consuming than others. This is obviously a rough figure, hw/os-specific and all, but it's still new, useful information. In other words, any information at all is better than none, if used with care.
Anyways, cheers for the discussion, I guess it's time to pull up the ol' sleeves and start doing some work for a change  |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Sun Nov 02, 2008 1:07 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Note that you might also want to compare MQ SSL vs MQIPT -SSL and if you are not so well versed in the SSL model starting with MQIPT might make it easier for you...
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| hopsala |
| Posted: Wed Nov 05, 2008 5:10 am Post subject: |
|
|
Guardian
Joined: 24 Sep 2004
Posts: 960
|
Na, I'm quite well acquainted with SSL and have implemented it a number of times in the past, so there's no need for any detours. Besides, since SSL is what i'm going to use for this client, it seems logical to benchmark it and not something else.
Cheers for all the replies. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
