Solved

Formula to determine SSL processing overhead for web transactions?

Posted on 2011-02-25
2
439 Views
Last Modified: 2012-06-22
Hi everyone,
Was wondering if any one had any thoughts on a formula which we could use to determine the overhead on a server to handle incoming SSL web connections.  Basically looking for a way to say with x number of ssl connections coming in, that causes y amount of overhead to process, which equals needing z resources on the server.  

Honestly not sure if there is a way to do this and guess would have to define certain things, like "what is a ssl transaction".  Is it the complete handshake or just the incoming hit, etc.

Curious to see if anyone has any thoughts...

Thanks.
0
Comment
Question by:frankrizzo1856
2 Comments
 
LVL 10

Expert Comment

by:lanboyo
ID: 34983972
Depends on the operating system.

On a unix box you can test with a self signed certificate and watch system resources with top as the connection is made and multiply by the number of desired connections. Barring this you can consult with your certificate vendor.
0
 
LVL 20

Accepted Solution

by:
edster9999 earned 500 total points
ID: 34984052
The overhead for SSL is very low compared to the benefits.
The 'heavy' CPU work happens on first contact.  Setting up the keys for the rest of the session involves pretty heavy asymmetrical encryption maths. But the good news is this only happens once at the start (well to be exact it will be repeated if your session lasts long enough - but that is not often)
The measure of this is not easy.  Every different system is different in how it deals with this. Some systems do it in software, some in hardware.
The best measure you could do would be to set up your system to return the same pages to http and https (with and without ssl) then to measure lots of pages.
Jmeter is a great tool for this.
Pull 100 pages from 10 users.  You'll find the first pages they pull are a bit slower but the other pages go just as quick as the non-ssl versions.
So the answer is.... Ssl will slow you down. But not much. A very rough 'guess' for a system which does all the ssl in software (like IIS) would be when you pull 10 pages the first one takes twists as much CPU as the non ssl version and the other 9 would use a little bit more so the CPU time for 10 ssl pages would be similar to 12 or 13 pages on the other non ssl site.
The advantage of security and safety make this worth while :)

0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question