Optimising ADSS Certification Server Performance
Certification Service is used to provide services to CA that enables business applications to request key generations and/or certification as well as operator based certification requests. ADSS Certification Server can be tuned to optimise the handling of Certification requests and responses.
Consider the following options - ask our Solution Consultants for help with your specific requirements:
- Use the fastest CPU available - ADSS Server is primarily CPU intensive, Xeon E3-xxxx or E5-xxxx or equivalent CPUs that are rated at 10K+ passmarks are recommended.
- Use solid state disks instead of conventional spinning disks from the system. This will allow Certification Server to work efficiently on IO operations.
- Ensure there is enough overall system memory and the "Ascertia-ADSS-Service" Windows Service (or Unix daemon) has adequate memory assigned (min 4GB, consider 8GB for highest performance if there are large number of concurrent clients).
- Use load balancing to distribute the Certification requests across multiple ADSS Certification Servers.
- Check that the ADSS Server trace logs settings are set to the "Error" level and not "Info" and certainly not "Debug" - see ADSS Server Logging.
- Check that lazy logging is being used and the settings are appropriate e.g. 5 4000 (write to the database every 5 seconds OR after 4000 transactions) - see ADSS Server Global Settings.
- Use a suitably fast HSM for signing - PCI HSMs can respond faster than networked HSMs.
- Use a separate powerful database server over a suitably fast network - this allows all Certification system resources to be dedicated to certificate operations.
- Set appropriate parameters to carefully select and minimise the Certification transaction to be logged - see Certification Service settings.
See also
Configuring the Certification Service
Directory Integration
Identity Certificates
Attribute Certificates
CV Certificate
CV Certificate Templates
Transactions Log Viewer
Logs Archiving
Alerts
Management Reporting
Certification Service Interface URLs
