[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] E-Biz Bucks Lost Under SSL Strain
From:       cult hero <jericho () dimensional ! com>
Date:       1999-05-22 12:17:04
[Download RAW message or body]


http://www.internetwk.com/lead/lead052099.htm

Thursday, May 20, 1999 
E-Biz Bucks Lost Under SSL Strain
By TIM WILSON 

A customer stuffs his shopping cart with goodies from your Web site.
Credit card in hand, he waits for a secure connection to consummate the
deal. And waits. Finally, short of patience, he dumps the contents and
logs off. 

It may sound like an e-commerce manager's nightmare, but according to the
latest Web server performance statistics, it's an increasingly common
phenomenon. 

The ghost in the machine is Secure Sockets Layer, the commonly used method
of securing communications between users and Web sites. 

Recent tests conducted by researcher Networkshop Inc. indicate that
powerful Web servers capable of handling hundreds of transactions per
second may be brought to a near standstill by heavy SSL traffic. Some
server configurations suffered as much as a fiftyfold degradation in
performance from SSL, down to just a few transactions per second,
according to analyst Alistair Croll at Networkshop. 

The growing problem of SSL performance has driven vendors to develop
devices that can help share the Web server's processing load. IPivot Inc.
next month will ship two new processors that can offload authentication
and encryption on e-commerce sites. 

IT managers and other experts have known for years that SSL, which
requires the authentication and encryption of Web server connections, can
significantly slow site performance. But the problem is rapidly becoming
more chronic as companies increase secured Web transactions, they said. 

"Our business is very seasonal, and a lot of it is concentrated in the
fourth quarter. This past December, we found ourselves shuffling servers
around to handle the load," said Stephen McCollum, network architect at
Hewitt Associates. The $858 million company manages benefits plans for
large organizations, and because Hewitt's Web traffic is personal and
confidential, virtually all of it is conducted via SSL. 

Hewitt is far from alone in its reliance on SSL. According to a study
conducted by research company Netcraft Ltd., SSL implementations doubled
from 15,000 sites to more than 35,000 sites between 1998 and 1999. And
many of those server sites are struggling under the load. 

"I'd guess that somewhere between 10 and 25 percent of [e-commerce]
transactions are aborted because of slow response times," said Rodney
Loges, vice president of business development at Digital Nation, a Web
hosting company. 

That translates to as much as $1.9 billion in lost revenue, using
Forrester Research numbers for 1998 of $7.8 billion in e-retail sales. 

According to Networkshop, even the most powerful, general-purpose Web
server hardware can be dragged down by large volumes of SSL traffic. In
its most recent tests, the research company found that a typical Pentium
server configuration running Linux and Apache, which at full capacity can
handle about 322 connections per second of standard HTTP traffic, fell to
about 24 connections per second when handling a full load of SSL traffic. 

A similar test conducted on a Sun 450 server running Solaris and Apache
experienced even more trouble. The server handled about 500 connections
per second of HTTP traffic at full capacity, but only about 3 connections
per second when the traffic was secured via SSL. Networkshop tests of
quad-processor configurations showed that those performance ratios scale
to multiserver environments as well, Croll said. 

A few vendors, such as Rainbow Technologies Inc., have solved the problem
by offloading security processing onto a dedicated co-processor card that
slips into a server. But as SSL traffic increases, adding and managing
co-processor boards becomes unwieldy, IT managers said. "We found that the
[co-processor] cards were kind of a kludge, because they have to be added
to every server," said Digital Nation's Loges. 

IPivot will begin shipping two external SSL processors--the Commerce
Accelerator 1000 and the Commerce Director 8000, which includes IPivot's
load-balancing system--to help eliminate SSL bottlenecks. 

The Commerce Accelerator 1000 is priced at $9,995; the Commerce Director
8000 costs $39,950. 


-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Hacker News Network [www.hackernews.com]

[prev in list] [next in list] [prev in thread] [next in thread]