http://www.internetwk.com/lead/lead052099.htm Thursday, May 20, 1999 E-Biz Bucks Lost Under SSL Strain By TIM WILSON A customer stuffs his shopping cart with goodies from your Web site. Credit card in hand, he waits for a secure connection to consummate the deal. And waits. Finally, short of patience, he dumps the contents and logs off. It may sound like an e-commerce manager's nightmare, but according to the latest Web server performance statistics, it's an increasingly common phenomenon. The ghost in the machine is Secure Sockets Layer, the commonly used method of securing communications between users and Web sites. Recent tests conducted by researcher Networkshop Inc. indicate that powerful Web servers capable of handling hundreds of transactions per second may be brought to a near standstill by heavy SSL traffic. Some server configurations suffered as much as a fiftyfold degradation in performance from SSL, down to just a few transactions per second, according to analyst Alistair Croll at Networkshop. The growing problem of SSL performance has driven vendors to develop devices that can help share the Web server's processing load. IPivot Inc. next month will ship two new processors that can offload authentication and encryption on e-commerce sites. IT managers and other experts have known for years that SSL, which requires the authentication and encryption of Web server connections, can significantly slow site performance. But the problem is rapidly becoming more chronic as companies increase secured Web transactions, they said. "Our business is very seasonal, and a lot of it is concentrated in the fourth quarter. This past December, we found ourselves shuffling servers around to handle the load," said Stephen McCollum, network architect at Hewitt Associates. The $858 million company manages benefits plans for large organizations, and because Hewitt's Web traffic is personal and confidential, virtually all of it is conducted via SSL. Hewitt is far from alone in its reliance on SSL. According to a study conducted by research company Netcraft Ltd., SSL implementations doubled from 15,000 sites to more than 35,000 sites between 1998 and 1999. And many of those server sites are struggling under the load. "I'd guess that somewhere between 10 and 25 percent of [e-commerce] transactions are aborted because of slow response times," said Rodney Loges, vice president of business development at Digital Nation, a Web hosting company. That translates to as much as $1.9 billion in lost revenue, using Forrester Research numbers for 1998 of $7.8 billion in e-retail sales. According to Networkshop, even the most powerful, general-purpose Web server hardware can be dragged down by large volumes of SSL traffic. In its most recent tests, the research company found that a typical Pentium server configuration running Linux and Apache, which at full capacity can handle about 322 connections per second of standard HTTP traffic, fell to about 24 connections per second when handling a full load of SSL traffic. A similar test conducted on a Sun 450 server running Solaris and Apache experienced even more trouble. The server handled about 500 connections per second of HTTP traffic at full capacity, but only about 3 connections per second when the traffic was secured via SSL. Networkshop tests of quad-processor configurations showed that those performance ratios scale to multiserver environments as well, Croll said. A few vendors, such as Rainbow Technologies Inc., have solved the problem by offloading security processing onto a dedicated co-processor card that slips into a server. But as SSL traffic increases, adding and managing co-processor boards becomes unwieldy, IT managers said. "We found that the [co-processor] cards were kind of a kludge, because they have to be added to every server," said Digital Nation's Loges. IPivot will begin shipping two external SSL processors--the Commerce Accelerator 1000 and the Commerce Director 8000, which includes IPivot's load-balancing system--to help eliminate SSL bottlenecks. The Commerce Accelerator 1000 is priced at $9,995; the Commerce Director 8000 costs $39,950. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Hacker News Network [www.hackernews.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:23:31 PDT