Optimising ADSS Signing Server Performance
Signing servers are used to provide OASIS DSS compliant data and document signing services for client applications. ADSS Signing Server can be tuned to optimise the handling of Signing requests and responses.
Consider the following options - ask our Solution Consultants for help with your specific requirements:
Use the fastest CPU available - ADSS Server is primarily CPU intensive, Xeon E3-xxxx or E5-xxxx or equivalent CPUs that are rated at 10K+ passmarks are recommended
Use solid state disks instead of conventional spinning disks from the system. This will allow Signing Server to work efficiently on IO operations
Ensure there is enough overall system memory and the "Ascertia-ADSS-Service" Windows Service (or Unix daemon) has adequate memory assigned (min 4GB, consider 8GB for highest performance if there are large number of concurrent clients)
Use load balancer to distribute the Signing requests across multiple ADSS Signing Servers
Consider using Signing Service along with Signing Proxy Server to share load. This will allow back-end Signing Server to focus on Hash signing.
Check that the ADSS Server trace logs settings are set to the "Error" level and not "Info" and certainly not "Debug" - see ADSS Server Logging
Check that lazy logging is being used and the settings are appropriate e.g. 5 4000 (write to the database every 5 seconds OR after 4000 transactions) - see ADSS Server Global Settings
Use a suitably fast HSM for signing - PCI HSMs can respond faster than networked HSMs
Use a separate powerful database server over a suitably fast network - this allows all Signing system resources to be dedicated for signing.
Set appropriate parameters to carefully select and minimise the Signing transaction to be logged - see Signing Service settings
Use HTTP protocol for all signing operations as they are faster than DSS.
See also