Download presentation
Presentation is loading. Please wait.
Published byProsper Stewart Modified over 8 years ago
1
Improving Shibboleth Origin Performance Walter Hoehn Internet2 Spring Member Meeting 2004
2
Origin Transaction Overhead 50-75% of transaction time falls into one of 3 categories SSL (browser->HS & SHAR->AA) –Performance considerations are well understood –Multiple processors, load distribution, hardware accelerators AA communication with backend data sources –Cost is variable, depending on infrastructure –Optimization is site dependant –We implemented caching in v1.0 Signing Operations in HS (public key encryption) –Low hanging fruit
3
Apache XML Security Library Implements W3c XML Security standards XML Encryption Syntax & Processing XML Signature Syntax & Processing Uses the JCA/JCE interfaces for crypto Digitally signs SAML AuthN Assertions Performance Bottleneck Latency Throughput Library Optimizations included in 1.1
4
JuiCE JCE -> OpenSSL using JNI Plugs into existing java apps without modification Apache, here we come! OpenSSL Engine
5
Enough talk, show me the numbers… Solaris - Sun Netra X1, 500mhz, 1gb RAM 160.3 ms - Sun JCE Provider 40.1 ms - JuiCE OSX - Mac Dual 2ghz G5, 1gb RAM 12.3 ms- Sun JCE Provider 8.1 ms - JuiCE Linux - 2.3 ghz Pentium 4, 1gb RAM 30 ms- Sun JCE Provider 9.4 ms - JuiCE
6
More numbers… Solaris 75% improvement Mac 34% improvement Linux 69% improvement Averages 3 times faster!
7
Where do we go from here? Further development of JuiCE Support for hardware crypto accelerators Further optimization of XML Security Library Shibboleth performance FAQ Best practices for configuration Hardware/Software platform recommendations Metrics Pitfalls
8
Walter Hoehn wassa@memphis.edu shib-users@internet2.edu juice-dev@xml.apache.org
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.