IIRC, tomcat's SSL code is not as efficient as Apache's. We're
running httpd 2.0.x in front of tomcat using mod_jk, and here's some
numbers I saw when I did some testing (reposted from previous threads):
Two Dell 1855 blades, currently configured as production/warm spare.
Plan is to have both clustered once we get the shared ticket
repository working (and a load balancer)
Dual 3GHz Xeon CPUs (slowest and lowest voltage cpus I could order)
4GB memory
2 HDs, mirrored
I was fairly certain the SSL connection setup would be most of the
work, and we're not fronting the application with any SSL-
accelerator. As a very quick-and-dirty load test, I wrote a script
that loaded the login page over SSL as fast as possible. No logins or
ST validations were performed, but apache (which is fronting Tomcat
using mod_jk) was able to handle 350 requests per second, which would
mean about 1.2 million SSL connections per hour.
Assuming an average of one login and 5 ST validated per user all over
SSL connections, the system should be able to handle 200,000 users
per hour.
Steve
On Mar 9, 2007, at 8:06 PM, Patrick Berry wrote:
> Apologies in advance, I know this is a topic (SSL) this is greatly
> misunderstood and generates more than it's fair share of questions.
>
> We've never had a problem with CAS 2 performance, even though we
> run tomcat 5.0.28 with nothing in front on JDK 1.4.2. We foolishly
> never did any baseline performance testing with httperf. We
> finally ran into a problem and started to do some testing.
>
> It came down to this, just hitting /cas/login :
> SSL: 11 connection/sec
> No SSL: 150+ connections/sec
>
> Question: Is this basically what others see?
>
> I know the solutions, upgrade JVM, upgrade tomcat, upgrade CAS,
> cluster CAS, offload SSL and I'll get there eventually. I mainly
> just want to see if my tests reflect reality (not just my own
> reality).
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
