[OpenCA-Devel] More volume test results

[Chris Covell]

Guys, as you know I have started a project to test the volume 
performance of OpenCA (0.9.2 RC6 CVS). I have presented a few results on 
preliminary tests of the batch processor in other emails. I have now 
moved onto volume testing, and in particular testing everyday functions 
in a high(ish) volume CA. My company has bought a server for these tests 
and is giving me the time to run them. The server is a DELL 2650 with 
dual processors and RAID SCSI disks.

OK, a first set of results.
I have a PKI environment consisting of CA (CA, batch and node offline) 
and RA (RA, Pub online). The CA are RA are installed as seperate 
environments on the same physical hardware.

I have built the PKI up to 10,000 certificates using batch processors.
My first usability test and results are as follows:
1. Batch create 1000 new certs and export them to the RA to bring total 
population to 11,000 certificates.

Batch create of 1000 certificates, time taken=42 minutes
Export to RA, time taken=1 hour 24 minutes or 84 minutes
Import to RA, time taken around 30 seconds.
2. Create a single cert request on Pub, run it through RA, CA, RA and 
back to the browser.

Public interface came back with Req number 2820128 in less than 1 second.
RA interface took about 8 seconds to find the CSR and another 6 to 
display the CSR.
RA node interface to 2 seconds to export all.
CA node interface took 1 second to import all.
CA interface took 1 second to find the CSR and 1 second to sign it.
CA node interface export started 13:18 finished at 14:43 1 hour 25
minutes, or 85 minutes !
RA node took just 1 second to import certificate.

3. Revoke the single cert.
All screens and data exchange performed without any delay.
4. Batch revoke 5 certificates.
All screens and data exchange performed without any delay.
Conclusion
We have a problem with the data exchange functions for certificates. It 
looks to me like the time taken to export certificates from the CA is in 
proportion to the current volume of the CA (other test results show that 
a CA of 8000 certificates takes 39 minutes to export 1000, a CA of 9000 
certs takes 58 minutes to export 1000 and 10,000 takes 67 minutes to 
export 1000).

I intend to get up to a certificate volume in excess of 50,000, but I am 
scared as to how long the data exchange will take !

I am going to put this problem as a bug on Source Forge, but I thought I 
would share it with you now so that perhaps we can discuss a resolution.

Chris...
-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM. 
Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel