Optimising ADSS Certification Server Performance
Certification service are used to provide services to CA that enables business applications to request key generations and/or certification as well as operator based certification requests. ADSS Certification Server can be tuned to optimise the handling of Certification requests and responses.
Consider the following options - ask our Solution Consultants for help with your specific requirements:
Use the fastest CPU available - ADSS Server is primarily CPU intensive, Xeon E3-xxxx or E5-xxxx or equivalent CPUs that are rated at 10K+ passmarks are recommended
Use solid state disks instead of conventional spinning disks from the system. This will allow Certification Server to work efficiently on IO operations
Ensure there is enough overall system memory and the "Ascertia-ADSS-Service" Windows Service (or Unix daemon) has adequate memory assigned (min 4GB, consider 8GB for highest performance if there are large number of concurrent clients)
Use load balancing to distribute the Certification requests across multiple ADSS Certification Servers
Check that the ADSS Server trace logs settings are set to the "Error" level and not "Info" and certainly not "Debug" - see ADSS Server Logging
Check that lazy logging is being used and the settings are appropriate e.g. 5 4000 (write to the database every 5 seconds OR after 4000 transactions) - see ADSS Server Global Settings
Use a suitably fast HSM for signing - PCI HSMs can respond faster than networked HSMs
Use a separate powerful database server over a suitably fast network - this allows all Certification system resources to be dedicated to certificate operations
Set appropriate parameters to carefully select and minimise the Certification transaction to be logged - see Certification Service settings
See also