Optimising ADSS TSA Server Performance
TSA servers are used to provide trusted timestamps on the hash values submitted to the TSA server from one or more client systems. ADSS TSA Server can be tuned to optimise the handling of TSA requests and responses to achieve 500+ requests per second.
Consider the following options - ask our Solution Consultants for help with your specific requirements:
- Use the fastest CPU available - ADSS Server is primarily CPU intensive, Xeon E3-xxxx or E5-xxxx or equivalent CPUs that are rated at 10K+ passmarks are recommended.
- Ensure there is enough overall system memory and the "Ascertia-ADSS-Service" Windows Service (or Unix daemon) has adequate memory assigned (min 4GB, consider 8GB for highest performance if there are large number of concurrent clients).
- Use load balancer to distribute the TSA requests across multiple ADSS TSA Servers.
- Use a suitably fast HSM to process the TSA response signatures - PCI HSMs can respond faster than networked HSMs.
- Use a separate, suitably powerful database server over a suitably fast network so that all system resources are directed to the ADSS TSA Server.
- Set appropriate parameters to minimise the TSA transaction logging detail - see TSA Service settings.
- Configure TSA Service to "Use the date / time obtained from the server's clock" - see Configuring TSA Profile.
- Set the Tomcat debug log level to ERROR for the ADSS TSA Service - see ADSS Server Logs.
- Avoid access control overheads if possible and allow all requests - see TSA Access Control.
|
See also
Access Control
Transactions Log Viewer
Logs Archiving
Alerts
Management Reporting
Timestamp Service Interface URLs