On Wednesday, 04/03/2013 at 12:22 EDT, Rob D <[email protected]> wrote: > Hello. We are discussing setting up a crypto card implementation on our > RHEL based Z\EC12 setup. We are looking to offload SSL processing to the > crypto card. > We are looking to get an IFL savings, and hopefully a performance boost too. > > Does anyone out there have experience in setting this up under RHEL 6.x? > Were there any tricks or sticking points that you ran across? > What were the results? How much faster did your transactions run? How > much IFL \ CPU did you save? > How much throughput are you getting from your crypto card? How many > Megabits per second are you processing? > > We have a fairly large amount of SSL traffic we are generating now, and are > looking to dramatically increase it, and that is what started us looking at > the crypto card integration
As an aside, keep in mind that the crypto cards are only used during the SSL asymmetric key exchange. Once the session is established, the on-chip CPACF encryption is used. The crypto card's value for SSL is most evident when you have a lot of concurrent sessions being established at the same time. For example, after someone reboots a switch and all the frustrated clients reconnect at the same time. You know, your 20,000 CMS users. :-) And, of course, for clients that establish lots of connections for short periods of time. Alan Altmark Senior Managing z/VM and Linux Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 [email protected] IBM Endicott ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
