I believe someone's implemented SSL in WebStone, but the web site
(www.mindcraft.com) doesn't mention it, so it hasn't been included in
the official development source.
Michael
Tim Nelson wrote:
>
> We use an app called ACT (ApplicationCenterTest) which is part of
> Application Center 2000 from Microsoft.
>
>
> -----Original Message-----
> From: Titus, Tim
> Sent: Wed 2/21/2001 9:01 AM
> To: lb-lIZZATvegan.net
> Cc:
> Subject: RE: [load balancing] Verisign and Load Balancers
>
> All of this talk about SSL connections and it makes me wonder:
>
> What kind of SSL load testing software is there out there?
>
>
> -Tim Titus------------------------------
> Director, Internet Operations, NCS Learn
> -----<www.NCSlearn.com>-----------------
>
>
>
> -----Original Message-----
> From: timnIZZATmicrosoft.com [mailto:timnIZZATmicrosoft.com]
> Sent: Tuesday, February 20, 2001 8:37 PM
> To: lb-lIZZATvegan.net
> Subject: RE: [load balancing] Verisign and Load
> Balancers
>
>
>
> Rainbow is too expensive, so is nCipher, and any of the
> front end devices.
>
> Our OS is W2k ADVServer, SP2 -with schannel.dll fix.
>
> Here are our finalists:
>
> Atalla's AXL300 Card sells on the street for $1495. We
> tested it and were able to manage 285cps on a 2x833Mhz, cpu was about
> 67%. Compaq says they scale linearally, up to 8 in a box (if you had the
> slots, and the bus didn't bottleneck). If you have an app that supports
> CRT, they claim you could double your cps.
>
> Broadcom's solution comes in at less than $1000. It
> supports up to 600cps and with the same server config as above, managed
> around 560cps, cpu at 85%.
>
>
>
> --- Original message ---
> From: Alex Samonte
> Sent: Tue 2/20/2001 7:51:19 PM
> To: lb-lIZZATvegan.net
> Subject: Re: [load balancing] Verisign and Load
> Balancers
>
>
> On Tue, Feb 20, 2001 at 06:13:14PM -0600, KJ & JC
> Salchow wrote:
> >
> > > If Eric cares to speak up even F5 admitted to us
> this was a problem. One
> > > they hoped would be taken care of by SMP (or just
> putting bigger procs in
> > > there)
> > >
> > Of course the issue here with your testing is that I
> bet you a box of
> > doughnuts that every vendor you tested used the
> Rainbow chipset. So, what
> > kind of choices can we make? Like I told Eric, I'm
> not doubting you, I was
> > just having trouble swallowing the stats based on my
> experience, so, given
> > you obviously can do a lot more testing than I can,
> I'll go with your
> > numbers. Which brings us back to, what choices do we
> have?
>
> Well, for the short term you don't have a lot of
> choices.
> Rainbow is by far the most popular and widely used.
> There is also
> Attala that Compaq OEMs and, nCipher, and Phobos (they
> make the load balancer
> of the future....in joke...)
>
> Right now most people are using off the shelf rainbow
> cards. There are some
> network gear vendors out there doing it with broadcom
> chipsets (which I believe
> were BlueSteel before they were aquired), many people
> are starting to utilize
> geneeral VPN accelerators with SSL (for doing DeS
> stuff).
>
>
> There are also several stealth startups which are doing
> some pretty cool
> stuff with SSL accelerators in excess of what is
> available today.
>
> I would venture to say that the people making their own
> SSL chipsets I can
> count on two hands, but It's still a lot better than
> just 1. Even with
> what's existing today you have choices, but the best one
> so far isn't all
> that great. Be patient there's more stuff coming!
>
> > For your white paper, you might want to mention the
> above mention of the
> > Rainbow chipset. If, and I suspect you are correct,
> the Internet goes
> > entirely crypto - what ever the means (SSL/TLS being
> the obvious choice) -
> > which will require everyone to use SSL accelerators,
> what are the
> > consequences of one company having so much control
> over that aspect of
> > commerce, information dissemination, and secrecy?
> Then, once you're done
> > turning Rainbow over the the Feds - can you work on
> Verisign?? :-0
>
> An interesting thought. I'm not saying that the entire
> internet will become
> crypto. But that it will be so easy to do so (atleast
> with commercial
> hardware) the big sites would just do it by default.
>
> But from what I have seen there are so many
> implementations of SSL (both in
> hardware and software) no one is going to have a
> controlling stake in it
> in the same way people were paranoid about the skipjack
> stuff.
>
> In all reality, we know that SSL doesn't really buy us
> much. People will
> break into the database if they want all the info, not
> sniff the traffic
> (atleast on the server side). It can be broken, and
> sometimes with not much
> computing effort. But it makes people feel better. And
> if a wide
> acceptance of SSL happens it will definately benefit the
> client side so you
> don't have some disgruntled network admin sniffing corp
> traffic and stealing
> all the execs logins to their online brokerage and bank
> accounts.
>
> Let me leave you with this interesting thought on SSL
> accelerators. From our
> testing we can get 100 conn/s out of a PIII-800 running
> mod_ssl. Obviously
> it maxes out the CPU at that point. Let's just say for
> example I wanted
> 200 conn/s of SSL. That PIII-800 box costs me about
> 1.5-3K each. How much does
> 1 cryptoswift 200 cost? How much does it cost when F5
> sells it to you? Or
> Intel, or alteon? (plus I still need to buy the server).
>
> -Alex
>
>
> ------------------------------------------------------------------------
> Name: winmail.dat
> winmail.dat Type: application/ms-tnef
> Encoding: base64
This archive was generated by hypermail 2b30 : Wed Feb 21 2001 - 20:22:41 EST