Performance measurements for the cloud-based Securosys HSM
Using a Cloud HSM has an impact on the integration and performance of your system due to the following factors:
- The slower network communication between nevisProxy and the HSM provider,
- the integration mechanism (PKCS #11), and also
- the limits that the HSM provider might impose.
For better performance, we recommend using higher values for the KeepAlive settings of both frontend and backend connections. During our internal tests, higher values led to significantly higher performance.
If a single proxy reaches the limits of its performance due to the above factors, you could add additional nevisProxy instances to increase performance. For this to work stay below the limits imposed by the HSM provider. Examples of provider limits are the number of cryptographic operations and connections.
Internal performance test results
Our test setup consisted of a nevisProxy with a local session store and a Securosys Cloud HSM. Each test lasted 10 minutes.
The following table shows the test results:
| KeepAliveTimeout (in sec) | Users | Req/sec | Mean response time |
|---|---|---|---|
| 5 | 2000 | 43 | 26 |
| 5 | 3000 (64% failed) | 49 | 7488 |
| 10 | 3000 | 64 | 11 |
| 10 | 4000 | 85 | 11 |
| 20 | 7000 | 149 | 12 |
| 20 | 9000 (58% failed) | 144 | 6424 |
| 20 (2 instances) | 16000 | 341 | 14 |
| 20 (2 instances) | 18000 (32% failed) | 299 | 3500 |