Hello, I have not used any SSL acceleration cards with Pound. Yet, I wanted to provide a little word of caution that I got from an IT colleague who has such experience.
Many SSL accelerator cards actually implement the SSL decryption in their bios, i.e. software. This is no faster than a good software implementation running on a dedicated multi-core CPU today. Our Gigahertz class CPUs of today are more than adequate to do SSL decryption in software. Always make sure that you are buying a card that implements the SSL algorithm in hardware entirely. The cheap cards use software BIOS as their "acceleration". Avoid those cards. Expect to pay handsomely for a decent hardware-only implementation of SSL. You will get what you pay for in this case. -- Jake > -----Original Message----- > From: Alfonso Espitia [mailto:[email protected]] > Sent: Thursday, April 23, 2009 7:17 AM > To: [email protected] > Subject: RE: [Pound Mailing List] Performance and Hardware SSL > > In a related note. What experiences have people had with cards already > out there? > > Which were easy to install/configure? > > Just looking for some recommendations. > > Thank you. > > --Alfonso > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > Francois Rejete > Sent: Thursday, April 23, 2009 5:07 AM > To: [email protected] > Subject: Re: [Pound Mailing List] Performance and Hardware SSL > > SSL Hardware Acceleration usually means offloading encryption to > specific dedicated hardware, most often PCI cards. > http://en.wikipedia.org/wiki/SSL_acceleration > --- > François Rejeté > > > On Thu, Apr 23, 2009 at 5:57 PM, Daniel Keeley > <[email protected]>wrote: > > > Hi, > > > > I've read a few of the notes on the mailing list about hardware > > acceleration for SSL. > > > > What does this mean? Does this mean using a CPU with certain > > extensions? If so how can i confirm whether or not i've built Pound > > with support for those extensions, and even whether or not my OS > supports them? > > > > I ran a quick benchmark yesterday and got impressive results. At the > > moment I am just running on a core 2 duo laptop, yet still managed > 600 > > trx/s with the same box running jmeter, pound and apache (Oh; And > they > > were all in a VM!) However we need significantly more than this > throughput. > > > > Thanks, > > Dan > > > > ________________________________ > > Aegate Limited is a limited company registered in England and Wales > > with registration number 5089909, having its registered office at 123 > > Buckingham Palace Road, London SW1W 9SR, England. > > > > This communication may contain confidential and/or privileged > > information belonging to Aegate Limited. This information is intended > > only for the use of the individual or entity named. If you are not > the > > intended recipient, or the employee or agent responsible to deliver > it > > to the intended recipient, you should notify Aegate Limited > > immediately. You are hereby notified that any disclosure, copying, > > distribution or taking of any action in reliance on the contents of > this communication is strictly prohibited. > > > > > > -- > > To unsubscribe send an email with subject unsubscribe to > [email protected]. > > Please contact [email protected] for questions. > > > > > -- > To unsubscribe send an email with subject unsubscribe to > [email protected]. > Please contact [email protected] for questions. > > -- > This message has been scanned for viruses and dangerous content by > SecureMail, and is believed to be clean. > > > > -- > To unsubscribe send an email with subject unsubscribe to > [email protected]. > Please contact [email protected] for questions. -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
