Apart from the database tables that contain transaction logs, the disk usage for the remaining tables does not grow substantially over time. We can therefore split the tables into two categories: HIGH disk demanding and MEDIUM disk demanding.

  • HIGH disk demanding tables contain transaction logs for the Signing, Verification, Certification, OCSP, TSA, XKMS, SCVP, LTANS Go>Sign and RA Services
  • MEDIUM disk demanding tables contain system logs and CRL information.


The following table explains the disk utilisation for each category:


Service

MAX Disk Utilisation per Transaction per signature 

Signing

In the ADSS Signing Service all request/responses are stored in the SigningTransactionLogs database table. You can optionally configure ADSS not to store the input and output documents in the transaction tables to save space. See ADSS Signing Service > Using Signing Service Manager for more details.

The amount of disk space utilised for the transaction logs can be calculated as follows:

Miscellaneous data size + size of request + size of response.

Miscellaneous data = RequestId, response status, error details, time information, timestamp etc and is approx 0.8 KB (Max)

Size of request = 1 KB + size of document to be signed

Size of response = 3 KB + size of the signed document

Example: For a PDF sent for signing with a size of 155KB size, the disk utilisation requirement is:

0.8 KB + 156 KB + 158 KB = 315 KB (approx)

If the input and output documents are not stored then the disk utilisation becomes:

0.8 KB + 1 KB + 3 KB = 5 KB (approx).

Verification

In the ADSS Verification Service all request/responses and auxiliary data e.g. OCSP request/responses, timestamp request/responses are stored in the VerificationTransactionLogs and VerificationTransactionDetails tables.

The amount of disk space utilised for the transaction logs can be calculated as follows:

Size of miscellaneous data (see below) + size of request + size of response + (detailed data size + detail miscellaneous data for each detailed data item e.g. OCSP, Timestamp etc)

Miscellaneous data = TransactionID, Request received time, Response sent time, error/info messages etc.  This varies between 0.1 KB and 0.8 KB

Detail miscellaneous data = TransactionID, error/info messages, approx 0.16 KB

Detailed data = OCSP request/responses, Timestamps found while processing the request

Size of request depends upon the size of the sent signature or document + approx 5 to 10 KB for other XML data e.g. RespondWith, Transaction ID etc.

Size of response depends upon what is required back e.g. if no RespondWith is asked for then the size of response is approx 7 to 10 KB

Example

For a PDF containing 1 signature and a (base 64 encoded) size of 155 KB, where all RespondWith item are requested, the following is the disk utilisation where OCSP based revocation was performed and responses were time stamped:

0.8 KB + 160 KB+ 130 KB + (4 KB + 0.16 KB ) + (4 KB + 0.16 KB ) = 300 KB (approx)

Note that when ADSS Gateway is used the full document is not sent to ADSS Server hence the disk utilisation is reduced.

Certification

In the ADSS Certification Service all request/responses are stored in CertificationTransactionLogs database table.

The amount of disk space utilised for the transaction logs can be calculated as:

Miscellaneous data size + size of request + size of response.

Miscellaneous data = RequestId, response status, error details, time information etc. and is approx 0.7 KB (Max)

Size of request = 2 KB

Size of response varies from 1 KB to 12 KB depending upon what is required e.g. PKCS7, Certificate etc.

Example

For a certification request where PKCS#7, certificate and PFX are required back then the disk utilisation is:

0.7 KB + 2 KB + 12 KB = 15 KB (approx)

If the nothing is asked for in the response then the disk utilisation is:

0.7 KB + 2 KB + 1 KB = 4 KB (approx)

Note: Please note that key length of issued certificate is set to 2048 (RSA) for these stats.

OCSP

In the ADSS OCSP Service all request/responses are stored in OcspTransactionLogs database and OcspTransactionDetails tables.

The amount of disk space utilised for a transaction can be calculated as follows:

OcspTransactionLogs

Miscellaneous data size + size of request + size of response.

Miscellaneous data size = Id, response status, RelyingPartyId, RelyingPartyIssuer Name, hmac, time information and is approx 0.6 KB.

Size of request = 1.6 KB approx. (For a single CertId) + OCSP Signature size (0.4 KB) + size of attached certificates (2KB approx. if one cert is attached) = 4 KB approx

Size of response = 4 KB approx (Also depends upon the number of certificates attached)

Example 0.6 KB + 4 KB + 4 KB =8.6 KB (approx)

OcspTransactionDetails

Miscellaneous data size + size of request + size of response.

Miscellaneous data size = Id, TransactionId, CertSerialNo, CertIssuerName, CertStatus, ResponderUrl, hmac, time information and is approx 0.67 KB approx.

Size of request = 1.6 KB approx (for a single CertId) + OCSP Signature size (0.4 KB) + size of attached certificates (2KB approx if one cert is attached) = 4 KB approx

Size of response = 4 KB approx (Also depends upon the number of certificates attached)

Example 0.67 KB + 4 KB + 4 KB =8.67 KB (approx)

TSA

In the ADSS TSA Service all request/responses are stored in TsaTransactionLogs database table.

The amount of disk space utilised for a transaction log can be calculated as follows:

Miscellaneous data size + size of request + size of response.

Miscellaneous data size = Id, response status, error details, PolicyId, RelyingPartyId, RelyingPartyCert, External TSA address, hmac, TsaCertificate, time information, timestamp etc and is approx 1.2 KB + Size of RelyingPartySSLCert (approx 2KB) + Size of TSA Cert (approx 2KB) = 5.2 KB approx.

Size of request = 0.6 KB approx

Size of response = 2 KB approx (Also depends upon the number of certificates attached)

Example

5.2 KB + 0.6 KB + 2 KB =7.8 KB (approx)

LTANS

In the ADSS LTANS Service the Archived data is stored in LtanArchivedData database table.  All requests/responses are stored in LtanTransactionLogs database table.

The amount of disk space utilized for the Archived Data can be calculated as:

Miscellaneous data size + size of ers data

Miscellaneous data = data type, Originator ID, Creation Time, TSA address, Status etc = 5 KB (approx)

Size of ers data: 13 KB (approx)

Example

For an LTANS Service archive creation request, where the archived data is not stored in the database the disk utilisation is:

5 KB + 13 KB = 18 KB (approx)

The amount of disk space utilized for the transaction logs can be calculated as:

Miscellaneous data size + size of request + size of response

Miscellaneous data = RequestId, response status, error details, time information etc. and is approx 0.75 KB (Max)

Size of request: 3 KB

Size of response varies from 2 to 8 KB based upon the archive profile configurations.

Example: 

For an LTANS service transaction, where the archived data is not stored in the database, the disk utilization for transaction log is:
0.75 KB + 3 KB + 8 KB = 11.75 KB (approx)



Service

MAX Disk Utilisation per Transaction per signature 

System Logs

In system logs all changes made in ADSS Server via the GUI are stored in the OperationalLogs database table.

The amount of disk space utilised for logs can be calculated as:

Miscellaneous data size + size of change made by the user

Miscellaneous data = OperationId, ModuleId, SubModuleId, Datestamp etc and is ~0.3KB (Max)

Size of change made by the user = This contains the details of the record before and after change and the size will vary from screen to screen and approximately ranges from 5 KB to 10 KB.

Example

For a small change such as updating the ADSS friendly name, the disk utilisation is:

0.3 KB + 0.04 KB = 0.34 KB (approx)

If a big change is made such as updating the complete CA configuration for a CA then the disk utilisation is: 0.3 KB + 3 KB = 3.3 KB (approx)

CRL Logs

CRLs are stored in 2 forms: Closed cryptographic form and Open form

Closed cryptographic form is used for the case when one has to present proof of the actual CRL.

Open form is the same CRL stored in an extracted form in the database. Open form provides efficient searching capabilities i.e. instead of loading a closed CRL and serially searching for a serial number at run time, ADSS Server queries the already indexed and extracted CRL in the database which is far more efficient.

The following database disk space is required in open form.

MINIMUM: 156 bytes per CRL entry in a CA's CRL [This is for the case that the CRL entry has no Hold Instruction Code, Cert Issuer etc.]

MAXIMUM: 715 bytes per CRL entry [where Hold Instruction Code, Cert Issuer etc. are maintained]

Example

For a CRL with 50,000 CRL entries, the database space requirement would be: [MIN] 7.4 MB i.e. 50,000 * 156 bytes, [MAX] 34 MB i.e. 50,000 * 715 bytes

So for a 3 MB sized CRL, overall database size requirement (for the Closed and Open CRL together) would be:

MIMUIMUM: 7.4 MB + 3 MB = 11.4 MB (approx)

MAXIMUM: 34 MB + 3 MB = 37 MB (approx)

Note that the above disk requirement is for a single CA's CRL i.e. for another CRL a similar disk requirement is necessary.


See also

Trace Logs