| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Overhead when adding SSL to channels on Z/Linux? |
« View previous topic :: View next topic » |
| Author |
Message
|
| rhondas2 |
 Posted: Fri Dec 26, 2003 9:12 am Post subject: Overhead when adding SSL to channels on Z/Linux? |
 |
|
Newbie
Joined: 26 Dec 2003
Posts: 1
|
| We have an existing MQ environment on Z/Linux, and will be adding SSL to the channels. Does anyone have documentation or experience adding SSL to channels on z/Linux, so we can know what type of hit to expect in overhead and performance? |
|
| Back to top |
|
 |
| cicsprog |
| Posted: Fri Apr 15, 2005 7:25 am Post subject: |
|
|
Partisan
Joined: 27 Jan 2002
Posts: 347
|
| We are considering adding SSL to a z/Linux MQM. Anyone have some overhead numbers? |
|
| Back to top |
|
|
| hopsala |
| Posted: Sun Apr 17, 2005 4:52 am Post subject: |
|
|
Guardian
Joined: 24 Sep 2004
Posts: 960
|
I browsed through some performance reports in mq docs and my own, and I see no reference to this topic, so I cannot give you exact figures.
However, keep in mind that SSL handshaking is done only at binding time (that is, when channels go from inactive to running), and after the acknoledgmenet process is done, the encryption is regular symmetric-key encription.
This means that the performance degradation which you can expect is the usual encription cpu cost, this is much dependant upon the machine, but in a solid server, should be no more than say, 30%, usually much less.
Best thing for you to do, is to do a performance check yourself. Shouldn't take more than half-a-day's work, and post the results here (with exact machine, message size etc specifics) so that we shall all be wiser for it 
(P.S I think there are support packs that you can use for performance checks) |
|
| Back to top |
|
|
| cicsprog |
| Posted: Tue Apr 19, 2005 12:34 pm Post subject: |
|
|
Partisan
Joined: 27 Jan 2002
Posts: 347
|
I searched all the supportpacks for this type of benchmarking prior to posting here too : ). Anyway, ETR'd it and here was IBM’s response:
"Performance information for SSL is available in 1907.PRB.
This PRB provides results of testing on the AIX platform,
but should provide a good indication of the effects of enabling SSL on WMQ channels, with respect to the CipherSpec used, on other UNIX platforms."
In this document:
"Without any SSL, the base product achieved a peak throughput of
5,600 round trips/sec. Using only the null_md5 cipher method, the base product achieved a peak throughput of 4,623 round trips/sec therefore, using the null_md5 cipher method will provide 83% of the throughput of the base product when utilized"
ouch! I am looking at a CSS hardware encryption before going down this path.
Obviously your mileage will vary - depending on numerous factors 
PM me if you want the full write-up and graphs. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
