Intel AS/400 RISC Server User Manual

Page 147

Advertising
background image

Notes:
y

Transaction Length set at 1024 bytes

y

See section 8.2 for Test Environment information

465

2048

10

SHA-1 / RSA

308

2048

1

SHA-1 / RSA

1,074

1024

10

SHA-1 / RSA

794

1024

1

SHA-1 / RSA

4764

(Transactions/second)

RSA Key Length

(Bits)

Threads

Encryption

Algorithm

Signing Performance

CCA CSP

Table 8.5

Notes:
y

See section 8.2 for Test Environment information

966

100000

10

945

10000

1

4764

(Transactions/second)

Total Repetitions

Threads

Financial PINs Performance

CCA CSP

Table 8.6

8.5 Cryptography Observations, Tips and Recommendations

y

The IBM Systems Workload Estimator, described in Chapter 23, reflects the performance of real user
applications while averaging the impact of the differences between the various communications
protocols. The real world perspective offered by the Workload Estimator may be valuable in some
cases

y

SSL/TLS client authentication requested by the server is quite expensive in terms of CPU and should
be requested only when needed. Client authentication full handshakes use two to three times the CPU
resource of server-only authentication. RSA authentication requests can be offloaded to an IBM 4764
Cryptographic Coprocessor.

y

With the use of Collection Services you can count the SSL/TLS handshake operations. This
capability allows you to better understand the performance impact of secure communications traffic.
Use this tool to count how many full versus cached handshakes per second are being serviced by the
server. Start the Collection Services with the default “Standard plus protocol”. When the collection is
done you can find the SSL/TLS information in the QAPMJOBMI database file in the fields JBASH
(full) and JBFSHA (cached) for server authentications or JBFSHA (full) and JBASHA (cached) for
server and client authentications. Accumulate the full handshake numbers for all jobs and you will
have a good method to determine the need for a 4764 Cryptographic Coprocessor. Information about
Collection Services can be found at the System i Information Center. See section 8.6 for additional
information.

Symmetric key encryption and signing performance improves significantly when multithreaded.

IBM i 6.1 Performance Capabilities Reference - January/April/October 2008

©

Copyright IBM Corp. 2008

Chapter 8 Cryptography Performance

147

Advertising
This manual is related to the following products:

170 Servers, 7xx Servers

Popular Brands
Popular manuals