[ISN] E-Biz Bucks Lost Under SSL Strain

From: cult hero (jerichoat_private)
Date: Sat May 22 1999 - 05:17:04 PDT

  • Next message: cult hero: "[ISN] Hackers worry Minneapolis Officials"

    Thursday, May 20, 1999 
    E-Biz Bucks Lost Under SSL Strain
    A customer stuffs his shopping cart with goodies from your Web site.
    Credit card in hand, he waits for a secure connection to consummate the
    deal. And waits. Finally, short of patience, he dumps the contents and
    logs off. 
    It may sound like an e-commerce manager's nightmare, but according to the
    latest Web server performance statistics, it's an increasingly common
    The ghost in the machine is Secure Sockets Layer, the commonly used method
    of securing communications between users and Web sites. 
    Recent tests conducted by researcher Networkshop Inc. indicate that
    powerful Web servers capable of handling hundreds of transactions per
    second may be brought to a near standstill by heavy SSL traffic. Some
    server configurations suffered as much as a fiftyfold degradation in
    performance from SSL, down to just a few transactions per second,
    according to analyst Alistair Croll at Networkshop. 
    The growing problem of SSL performance has driven vendors to develop
    devices that can help share the Web server's processing load. IPivot Inc.
    next month will ship two new processors that can offload authentication
    and encryption on e-commerce sites. 
    IT managers and other experts have known for years that SSL, which
    requires the authentication and encryption of Web server connections, can
    significantly slow site performance. But the problem is rapidly becoming
    more chronic as companies increase secured Web transactions, they said. 
    "Our business is very seasonal, and a lot of it is concentrated in the
    fourth quarter. This past December, we found ourselves shuffling servers
    around to handle the load," said Stephen McCollum, network architect at
    Hewitt Associates. The $858 million company manages benefits plans for
    large organizations, and because Hewitt's Web traffic is personal and
    confidential, virtually all of it is conducted via SSL. 
    Hewitt is far from alone in its reliance on SSL. According to a study
    conducted by research company Netcraft Ltd., SSL implementations doubled
    from 15,000 sites to more than 35,000 sites between 1998 and 1999. And
    many of those server sites are struggling under the load. 
    "I'd guess that somewhere between 10 and 25 percent of [e-commerce]
    transactions are aborted because of slow response times," said Rodney
    Loges, vice president of business development at Digital Nation, a Web
    hosting company. 
    That translates to as much as $1.9 billion in lost revenue, using
    Forrester Research numbers for 1998 of $7.8 billion in e-retail sales. 
    According to Networkshop, even the most powerful, general-purpose Web
    server hardware can be dragged down by large volumes of SSL traffic. In
    its most recent tests, the research company found that a typical Pentium
    server configuration running Linux and Apache, which at full capacity can
    handle about 322 connections per second of standard HTTP traffic, fell to
    about 24 connections per second when handling a full load of SSL traffic. 
    A similar test conducted on a Sun 450 server running Solaris and Apache
    experienced even more trouble. The server handled about 500 connections
    per second of HTTP traffic at full capacity, but only about 3 connections
    per second when the traffic was secured via SSL. Networkshop tests of
    quad-processor configurations showed that those performance ratios scale
    to multiserver environments as well, Croll said. 
    A few vendors, such as Rainbow Technologies Inc., have solved the problem
    by offloading security processing onto a dedicated co-processor card that
    slips into a server. But as SSL traffic increases, adding and managing
    co-processor boards becomes unwieldy, IT managers said. "We found that the
    [co-processor] cards were kind of a kludge, because they have to be added
    to every server," said Digital Nation's Loges. 
    IPivot will begin shipping two external SSL processors--the Commerce
    Accelerator 1000 and the Commerce Director 8000, which includes IPivot's
    load-balancing system--to help eliminate SSL bottlenecks. 
    The Commerce Accelerator 1000 is priced at $9,995; the Commerce Director
    8000 costs $39,950. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Hacker News Network [www.hackernews.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:23:31 PDT