Table 8.5 Signing Performance, CCA CSP

| Encryption Algorithm | Threads | RSA Key Length (Bits) | 4764 (Transactions/second) |
|---|---|---|---|
| SHA-1 / RSA | 1 | 1024 | 794 |
| SHA-1 / RSA | 10 | 1024 | 1,074 |
| SHA-1 / RSA | 1 | 2048 | 308 |
| SHA-1 / RSA | 10 | 2048 | 465 |

Notes:
• Transaction Length set at 1024 bytes
• See section 8.2 for Test Environment information

Table 8.6 Financial PINs Performance, CCA CSP

| Threads | Total Repetitions | 4764 (Transactions/second) |
|---|---|---|
| 1 | 10000 | 945 |
| 10 | 100000 | 966 |

Notes:
• See section 8.2 for Test Environment information

8.5 Cryptography Observations, Tips and Recommendations
• The IBM Systems Workload Estimator, described in Chapter 23, reflects the performance of real user
applications while averaging the impact of the differences between the various communications
protocols. The real world perspective offered by the Workload Estimator may be valuable in some
cases.
• SSL/TLS client authentication requested by the server is quite expensive in terms of CPU and should
be requested only when needed. Client authentication full handshakes use two to three times the CPU
resource of server-only authentication. RSA authentication requests can be offloaded to an IBM 4764
Cryptographic Coprocessor.
• With the use of Collection Services you can count the SSL/TLS handshake operations. This
capability allows you to better understand the performance impact of secure communications traffic.
Use this tool to count how many full versus cached handshakes per second are being serviced by the
server. Start the Collection Services with the default “Standard plus protocol”. When the collection is
done you can find the SSL/TLS information in the QAPMJOBMI database file in the fields JBASH
(full) and JBFSHA (cached) for server authentications or JBFSHA (full) and JBASHA (cached) for
server and client authentications. Accumulate the full handshake numbers for all jobs and you will
have a good method to determine the need for a 4764 Cryptographic Coprocessor. Information about
Collection Services can be found at the System i Information Center. See section 8.6 for additional
information.
• Symmetric key encryption and signing performance improves significantly when multithreaded.
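
An added example (not from the IBM reference) of the accumulation step in the Collection Services tip above: it sums full and cached handshake counters over all jobs in each collection interval and converts them to per-second rates. The handshake field names default to the pair the tip lists for server authentication; INTNUM and INTSEC as interval number and interval length in seconds, and the sample rows, are assumptions constructed for illustration.

```python
from collections import defaultdict


def handshake_rates(rows, full_fields=("JBASH",), cached_fields=("JBFSHA",)):
    """Aggregate handshake counters over all jobs, per collection interval.

    rows: dicts, one per job per interval, as exported from QAPMJOBMI.
    INTNUM / INTSEC are assumed column names (interval number, seconds).
    Pass other field tuples for the server-and-client authentication counters.
    """
    totals = defaultdict(lambda: {"full": 0, "cached": 0, "secs": 0})
    for row in rows:
        t = totals[row["INTNUM"]]
        # Missing or NULL counters count as zero for that job.
        t["full"] += sum(int(row.get(f) or 0) for f in full_fields)
        t["cached"] += sum(int(row.get(f) or 0) for f in cached_fields)
        t["secs"] = max(t["secs"], int(row["INTSEC"]))

    report = {}
    for intnum, t in sorted(totals.items()):
        if t["secs"] <= 0:
            continue  # no usable duration, cannot compute a rate
        total = t["full"] + t["cached"]
        report[intnum] = {
            "full_per_sec": t["full"] / t["secs"],
            "cached_per_sec": t["cached"] / t["secs"],
            # Share of handshakes that were full (the CPU-expensive kind).
            "full_share": t["full"] / total if total else 0.0,
        }
    return report


def peak_full_rate(report):
    """Highest full-handshake rate seen in any interval (the sizing input)."""
    return max((r["full_per_sec"] for r in report.values()), default=0.0)


# Constructed sample rows: two jobs, two 300-second intervals.
SAMPLE_ROWS = [
    {"INTNUM": 1, "INTSEC": 300, "JBNAME": "HTTPSVR1", "JBASH": 1200, "JBFSHA": 4800},
    {"INTNUM": 1, "INTSEC": 300, "JBNAME": "HTTPSVR2", "JBASH": 300, "JBFSHA": 1200},
    {"INTNUM": 2, "INTSEC": 300, "JBNAME": "HTTPSVR1", "JBASH": 6000, "JBFSHA": 1500},
    {"INTNUM": 2, "INTSEC": 300, "JBNAME": "HTTPSVR2", "JBASH": None, "JBFSHA": 0},
]

if __name__ == "__main__":
    rep = handshake_rates(SAMPLE_ROWS)
    for intnum, r in rep.items():
        print(intnum, r)
    print("peak full handshakes/sec:", peak_full_rate(rep))
```

The peak full-handshake rate is the figure to weigh when judging the need for a coprocessor; a rising full share in an interval indicates that session caching is not absorbing the load.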
IBM i 6.1 Performance Capabilities Reference - January/April/October 2008
© Copyright IBM Corp. 2008
Chapter 8 Cryptography Performance