Your company decides to start the business of selling toys online and shipping globally. A team in-house is in charge of developing an E-Commerce system that supports the new business. SSL/TLS protects communication between browsers and web server farms. The performance tester observed that the CPU utilization of web servers kept as high as 100%, and some connections will time out. However, the webserver farms work fine under HTTP connections. Moreover, the web servers are I/O bound in nature; they mostly accept file requests and dispatch transactions to the application server clusters. Which of the following is most feasible to address the time-out and improve availability?
A. Increase the bandwidth, e.g., from T1 to T3.
B. Add more RAM/memory to improve system performance
C. Implement hardware security modules to offload processing
D. Upgrade to faster CPUs on each web server to speed up the processing
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Implement hardware security modules to offload processing.
The fact that the web server farms work fine under HTTP connections implies bandwidth and I/O are sufficient given the current resources. As a result, to increase the bandwidth and add more RAM/memory don’t help.
The bottleneck is the processor. When https is enabled, and processors are working heavily to deal with cryptographic processing, and some connections may be timed out.
Upgrading to faster CPUs may help, but upgrading has an upper limit of hardware.
Offloading the cryptographic processing from processors on web servers to hardware security modules (HSM) is a better solution. An HSM primarily provides three functions:
- CA/Key management
- Transaction authorization
- SSL/TLS offloading