HSM Scalability
A customer terminating TLS on web server needs to serve e.g. 50000 sessions where for each TLS handshake the performance and latency has to be minimal e.g. less than 200 ms so that the user experience is optimal. What can user do with AWS CloudHSM architecture to expand performance? How do you ensure security?
- 최신
- 최다 투표
- 가장 많은 댓글
You can use HSM for TLS offload.
https://docs.aws.amazon.com/cloudhsm/latest/userguide/ssl-offload-overview.html
In this case, private key used to encrypt/decrypt “Pre-master” secret never leaves HSM. Also, with the use of latest AWS HSM SDK > 5.8.0, JCE/PKCS application, can connect multiple application instances to the same cluster and one application can connect to multiple HSM clusters if required. If application requires huge amount of sessions, you can horizontally scale application instances(web servers) that can connect to the same HSM cluster. This will help with the performance/scalability requirements.
https://docs.aws.amazon.com/cloudhsm/latest/userguide/java-lib-configs-multi.html
Hi,
HSM service has published some performance data: https://docs.aws.amazon.com/cloudhsm/latest/userguide/performance.html
Also in section "Performance and capacity" of https://aws.amazon.com/cloudhsm/faqs/
This ppt (I recommend to read it in full) gives at page 36 and beyond some recipes to improve perfs: https://d1.awsstatic.com/events/reinvent/2019/REPEAT_1_Deep_dive_on_AWS_CloudHSM_SEC406-R1.pdf
Or this newer version at https://d1.awsstatic.com/events/reinvent/2021/Deep_dive_on_AWS_CloudHSM_SEC322.pdf
Best,
Didier
관련 콘텐츠
AWS 공식업데이트됨 일 년 전
