[infinispan-dev] Infinispan security?

Manik Surtani manik at jboss.org
Wed Sep 14 08:12:52 EDT 2011


On 11 Sep 2011, at 16:40, Joni Hahkala wrote:

> On 07/09/2011 18:04, Manik Surtani wrote:
>> On 2 Sep 2011, at 13:04, Joni Hahkala wrote:
>> 
>>> Is there any performance numbers for infinispan? What kind of response
>>> times would be required from secure version and what they are now etc?
>> No had requirements as such, since I think anyone expecting to deploy a secure data grid will expect performance tradeoffs.  What sort of factors do you envisage with the approaches you outlined below?
> 
> For ssl, you would have the problem of the handshake, you have two request-response cycles before you can even start to send the actual data. So, with anything else than intra cluster networking, you get bitten by the network latency. You can resume old ssl sessions, which save one request-response cycle, or you can keep the sockets open, and only do the handshake once, but at least keeping the sockets open doesn't scale so far. Then there is also the certificate checking, but that shouln't be that big of an issue unless you want to go for ultimate speed.

Well, for inter-node traffic, this could be a problem since there will be a lot of chatter.  And if we need to perform a handshake each time, that will kill performance.  Unless, as you say, persistent connections can be maintained.  In which case your real overhead is then just the encryption and signing.

> With everything there is the overhead of encryption and possibly the signing, but that shouldn't be such a big slowdown.
> 
> The Seam framework seems to be more of user authentication, and would probably be good for managing the authorization information. But for authentication between the nodes and clients maybe keys would be better, kind of like ssh is doing.
> 
> Cheers,
> Joni
> 
>> 
>> --
>> Manik Surtani
>> manik at jboss.org
>> twitter.com/maniksurtani
>> 
>> Lead, Infinispan
>> http://www.infinispan.org
>> 
>> 
>> 
>> 
>> _______________________________________________
>> infinispan-dev mailing list
>> infinispan-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/infinispan-dev
> 

--
Manik Surtani
manik at jboss.org
twitter.com/maniksurtani

Lead, Infinispan
http://www.infinispan.org






More information about the infinispan-dev mailing list