Reset Search
 

 

Article

KB12912 - Performance impact on PCS device after disabling SSL hardware accelerator card

« Go Back

Information

 
Last Modified Date8/9/2015 3:12 AM
Synopsis
This article provides information about the performance impact on PCS device after disabling SSL hardware accelerator card.
Problem or Goal
Cause
Solution
Impact:
The impact of SSL acceleration on performance varies based on the encryption cipher being used.

Standard browsers (when doing rewriter) usually use RC4 encryption.  The PCS device does this encryption in the main CPU itself (as it is quite lightweight).  Disabling the accelerator card will not affect performance in such cases.   However, if you are using a heavier cipher (3DES / AES) and running under load, then the SSL accelerator greatly offloads the main CPU from the expensive bulk encryption operation. Thus, one can load the system to greater limits without adversely impacting performance.  Typically we have seen that for 3DES encryption, disabling accelerator card causes the PCS device to take about a 30% performance hit, especially if one is doing end-to-end encryption (front-end and backend SSL).

Since the NC (Network Connect) client uses 3DES/AES by default, by disabling acceleration, there could be a noticeable performance impact on the system. You might not see a process restart per-se, but packet loss will be greater (for NC) and the page response time will be slower (for core).

Summary:
  • Disabling SSL Hardware Accelerator does not affect PCS6500 performance (throughput) at the regular packet size of 512 bytes. For small packet sizes, there is a slight degradation for small packet sizes.
  • Disabling SSL Hardware Accelerator has a 30% degradation for PCS6000. The degradation becomes more acute as packet sizes get larger.

Card verification:
If the SSL Hardware accelerator card is installed in your SA, the following option will be available in the PCS admin GUI 

Under Maintenance > System > Options:
"Enable SSL acceleration. The system will reboot when this setting is modified"
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255