Improving Shibboleth Origin Performance
Walter Hoehn
Internet2 Spring Member Meeting 2004

Origin Transaction Overhead
• 50-75% of transaction time falls into one of 3 categories
  • SSL (browser->HS & SHAR->AA)
    • Performance considerations are well understood
    • Multiple processors, load distribution, hardware accelerators
  • AA communication with backend data sources
    • Cost is variable, depending on infrastructure
    • Optimization is site dependent
    • We implemented caching in v1.0
  • Signing Operations in HS (public key encryption)
    • Low hanging fruit

Apache XML Security Library
• Implements W3C XML Security standards
  • XML Encryption Syntax & Processing
  • XML Signature Syntax & Processing
• Uses the JCA/JCE interfaces for crypto
• Digitally signs SAML AuthN Assertions
• Performance Bottleneck
  • Latency
  • Throughput
• Library Optimizations included in 1.1

JuiCE
• JCE -> OpenSSL using JNI
• Plugs into existing Java apps without modification
• Apache, here we come!
• OpenSSL Engine

Enough talk, show me the numbers…
• Solaris - Sun Netra X1, 500 MHz, 1 GB RAM
  • 160.3 ms - Sun JCE Provider
  • 40.1 ms - JuiCE
• OSX - Mac Dual 2 GHz G5, 1 GB RAM
  • 12.3 ms - Sun JCE Provider
  • 8.1 ms - JuiCE
• Linux - 2.3 GHz Pentium 4, 1 GB RAM
  • 30 ms - Sun JCE Provider
  • 9.4 ms - JuiCE

More numbers…
• Solaris
  • 75% improvement
• Mac
  • 34% improvement
• Linux
  • 69% improvement
Averages 3 times faster!

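
One way to take per-provider signing measurements like those above through the JCA interface, as an added example that is not from the slides or from the Shibboleth or JuiCE code. The class name `SignLatency`, the algorithm (`SHA256withRSA`), the 2048-bit key, the random 2 KB message and the iteration counts are all assumptions.

```java
import java.security.*;

// Added example, not from the slides. Algorithm, key size, message size and
// iteration counts are assumptions chosen for illustration.
public class SignLatency {
    static final String ALG = "SHA256withRSA";
    static final int WARMUP = 200, RUNS = 1000;

    // Produce one signature with the given Signature instance.
    static byte[] sign(Signature s, PrivateKey key, byte[] msg)
            throws GeneralSecurityException {
        s.initSign(key);
        s.update(msg);
        return s.sign();
    }

    // Mean milliseconds per signature for one provider, measured after a JIT warm-up.
    static double meanSignMillis(Provider p, PrivateKey key, byte[] msg)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALG, p);
        for (int i = 0; i < WARMUP; i++) sign(s, key, msg);
        long start = System.nanoTime();
        for (int i = 0; i < RUNS; i++) sign(s, key, msg);
        return (System.nanoTime() - start) / 1e6 / RUNS;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = new byte[2048]; // constructed stand-in for a canonicalized assertion
        new SecureRandom().nextBytes(msg);

        for (Provider p : Security.getProviders()) {
            if (p.getService("Signature", ALG) == null) continue; // algorithm not offered
            try {
                double ms = meanSignMillis(p, kp.getPrivate(), msg);
                // A faster provider is only a drop-in if the default provider
                // selection accepts the signatures it produces.
                Signature v = Signature.getInstance(ALG);
                v.initVerify(kp.getPublic());
                v.update(msg);
                boolean ok = v.verify(sign(Signature.getInstance(ALG, p), kp.getPrivate(), msg));
                System.out.printf("%-16s %.3f ms/sign, verifies=%b%n", p.getName(), ms, ok);
            } catch (GeneralSecurityException | RuntimeException e) {
                // e.g. a hardware- or OS-backed provider that rejects software keys
                System.out.printf("%-16s skipped: %s%n", p.getName(), e);
            }
        }
    }
}
```

Any additional provider registered with the JVM shows up in the loop without changes to this code, which is the property the JuiCE slide relies on.
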
Where do we go from here?
• Further development of JuiCE
  • Support for hardware crypto accelerators
• Further optimization of XML Security Library
• Shibboleth performance FAQ
  • Best practices for configuration
  • Hardware/Software platform recommendations
  • Metrics
  • Pitfalls

Walter Hoehn
wassa@memphis.edu
shib-users@internet2.edu
juice-dev@xml.apache.org