Tuesday Jun 09, 2009

Speed up your SSL operation for IBM HTTP Server on Ultra SPARC T2 systems

Sometime back we have published a Sun Blueprint (Accelerating IBM HTTP Server Cryptographic Operations Using Sun Servers with CoolThreads Technology) detailing the steps needed to get your IBM HTTP Server use the on-chip crypto processor on Ultra SPARC T2 based system for SSL operation. This will give a free SSL operation boost without buying additional hardware for such operations.
The documentation lists all the steps needed to get your IBM HTTP Server and GSKit working  with this on-chip crypto module on Ultra SPARC T2 processor.  In addition to how to configure it, it also has results from some of the performance testing that has been done to measure the performance gain. Your milegae may vary depending on your type of workload but if you are making lot of new client connection and serving "HTTPS" traffic then this would something that is available to you free you want to consider. It wil help you take care of your SSL handshakes operations.
Another important aspect of this is that GSKit is a common library that has been used by IBM in lot of products. And as its evident from the name, Global Security Kit, it is security related implementation to be used across different products such as PKCS#11 or so. Some more details can be found at my prior blog about GSKit. This implies that if you want to hookup with PKCS#11 provider and take advantage of on-chip cryptography for other products that can be done too. You must note that this integration has happened at certain level of IBM HTTP Server so it requires certain version of GSKit embedded with the product for which you will try to take advantage.

Monday Oct 22, 2007

UltraSPARC T2 and WebSphere Application Server licensing update

Following the release of this new processor and server based on this IBM has updated the PUV(Processor Unit Value) licensing information.
I will not elaborate on the cost benefit analysis but you can make out from the data that this seems to be very cost effective server in terms of licensing cost. The details are here for your reference:
Processor Value Unit table

Tuesday Oct 09, 2007

UltraSPARC T2 and WebSphere Application Server

As Sun continue to provide breakthrough multi-core technology and systems based on that you are going to have your hands on this new cool server very soon. As you already may know that its predecessor(Sun Fire T2000) has established itself as the best J2EE App Server Platform (In fact it dominates the other area too but I will leave that to my colleagues to comments on). The details from SPEC web-site are here for your reference:
BEA WebLogic Server SPECjAppServer2004 result on Sun Fire T2000
IBM WebSphere Application Server SPECjAppServer2004 result on Sun Fire T2000
Oracle Application Server SPECjAppServer2004 result on Sun Fire T2000
Sun Java Application Server SPECjAppServer2004 result on Sun Fire T2000

Now you are going to see the next generation server named Sun SPARC Enterprise T5120/T5220 and this is going to continue to lead this segment and other as well. Don't forget to check this blog.

So coming to the point I got my hands on one of these system and did some performance study of WebSphere Application Server V 6.1 and I found these systems to be very impressive. The results of our tests shows that it can give you double the performance of T2000. Due to limitation of 4GB of address space for 32-bit process and the App Server's own scalability, I think none of the App Server will be able to scale and fully utilize this system. So I used multiple instance to maximize the system usages. As the software remains the same the tuning and tuning recommendations are not going to change.

Here is what I have done with my WebSphere Application Server to get best out of this system:

Thread Pools:
ORB: 39/39
Web Container: 47/47
Default: 20/20

EJB Cache: 60000 (previously recommended setting on my blog would be ok too).

JVM Settings:
Heap : 2300-2600
-server -XX:NewSize/-XX:MaxNewSize 1/3rd of Heap
-Xss128k -XX:LargePageSizeInBytes=256m -XX:+AggressiveOpts
-XX:+UnlockDiagnosticVMOptions -XX:-EliminateZeroing -XX:+UseParallelGC
-XX:ParallelGCThreads=16 -XX:+UseParallelOldGC

Connection Pool:
Min/Max Connection: 160/160
Statement Cache: 120

Then the usual stuff we do with TCP Connection settings, disabling the performance monitoring framework, setting the keep-alive etc.

Here are few of the setting I put in my /etc/system and which helped a lot for network performance and interrupts distribution:
set ip:ip_soft_rings_cnt = 8
set ddi_msix_alloc_limit = 8

Some of the issues I came across and you should also keep an eye on that:
Use intrstat(1M) and mpstat(1M) to find out how the interrupts processing going on. intrstat will give you the interrupts processing for different devices and which core is handling that and then you can look at the mpstat(btw this is very long so redirect to some files to take a look at it later) which will tell you if it is a bottleneck.
DB Connection – They always originates from whatever is returned by gethostbyname(3NSL) API and thus it may become bottleneck. So I used containers so the result of these API call are different i.e that will hostname(1) of your zone.
Full GC – Keep an eye on full GC and set the New Generation appropriately.

Note: If you are looking for more information on UltraSPARC T2 don't forget to check http://blogs.sun.com/.

Disclosure Statement:
SPEC, SPECjAppServer2004 are reg tm of Standard Performance Evaluation Corporation. Links are from www.spec.org.




« July 2016