Skip to main content
Version: 8.2405.x.x RR

Performance measurements for the cloud-based Securosys HSM

Using a Cloud HSM has an impact on the integration and performance of your system due to the following factors:

  • The slower network communication between nevisProxy and the HSM provider,
  • the integration mechanism (PKCS #11), and also
  • the limits that the HSM provider might impose.

For better performance, we recommend using higher values for the KeepAlive settings of both frontend and backend connections. During our internal tests, higher values led to significantly higher performance.

If a single proxy reaches the limits of its performance due to the above factors, you could add additional nevisProxy instances to increase performance. For this to work stay below the limits imposed by the HSM provider. Examples of provider limits are the number of cryptographic operations and connections.

Internal performance test results

Our test setup consisted of a nevisProxy with a local session store and a Securosys Cloud HSM. Each test lasted 10 minutes.

The following table shows the test results:

KeepAliveTimeout (in sec)UsersReq/secMean response time
520004326
53000 (64% failed)497488
1030006411
1040008511
20700014912
209000 (58% failed)1446424
20 (2 instances)1600034114
20 (2 instances)18000 (32% failed)2993500