* owner-openssl-us...@openssl.org 
> What is the purpose of the project?
> 
> This is an open source project - I need a way to monitor a
> huge number of servers - monitor CPU load, RAM load, HDD
> load, installed packets, etc.

Why not use http://www.nagios.org/?

> The data which will be gathered
> will be structured in JSON format and sent to one main
> server - Centos x86_64. The load will be very high - every, for
> example, 2 hours the main Centos server will make checks of
> the monitored servers - this means that the monitored servers
> will establish connection with the main server and exchange
> JSON data, maybe 200+ lines.

Encrypting a few bytes with some stream cipher every two hours
shouldn't be a problem for a PC server, even if it has some load,
I think.

> Later on, support for remote patching will be added - this
> will include transportation of an installable rpm file to the
> remote server - sometimes bigger files will be transported.

Aren't there sophisticated existing solutions for that?
To sync bigger files, "rsync -e ssh --bwlimit" comes to mind.

> So I need a high performance solution that can handle many 
> connections with little server load.

Why not use SSL, for example in the form of stunnel, and keep
the tunnel up all the time? Or keep an SSH connection open,
which might be easiest to use from shell scripts. SSH port
tunneling might also help.

> 1. SSL is a good solution but is not high performance - it's
> more suitable for encryption of a web page. When establishing
> connection more than 100 connections are used to perform the
> SSL handshake and is not suitable for big binary data.

This isn't right.

I think you can safely expect that SSL/TLS is, according to
current knowledge, close to the best possible performance
without trading speed for security, and it can be configured well
(see stunnel with all its options, for example).
So SSL/TLS is fast (for the security it provides).

> 2. Symmetric encryption is more suitable because it is high
> performance and will scale very well.

Yes, as used in SSL and SSH.
(BTW, I think only symmetric encryption is suited because
asymmetric does not work well for longer data.)

> I need a high performance optimized solution.

If you only need high performance (no security), why not use
plain text TCP/IP communications (firewalled)?

> What is your opinion?
> What will be the best approach?

Maybe have a look at Nagios and use remote monitor plug-in
scripts using SSH-port-forwarded access, should be easy, safe,
secure, performant, maintainable and based on tested components.

oki,

Steffen

-- 
end of mail
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
