Designing for Performance: What's Your Strategy

Because a native format does not provide complete protection from interceptors, you may want to use data encryption to provide a more secure transmission of data. For example, you may want to use data encryption in the following scenarios:

- You have offices that share confidential information over an intranet.
- You send sensitive data, such as credit card numbers, over a database connection.
- You need to comply with government or industry privacy and security requirements.

Data encryption is achieved by using a protocol for managing the security of message transmission, such as Secure Sockets Layer (SSL).

Some database systems, such as DB2 for z/OS, implement their own data encryption protocol. The way the database-specific protocols work and the performance penalties associated with them are similar to SSL. In the world of database applications, SSL is an industry-standard protocol for sending encrypted data over database connections.

SSL secures the integrity of your data by encrypting information and providing client/server authentication. From a performance perspective, SSL introduces an additional processing layer, as shown in Figure 2-10.

[Figure 2-10. SSL: an additional processing layer]

The SSL layer includes two CPU-intensive phases: SSL handshake and encryption. When encrypting data using SSL, the database connection process includes extra steps between the database driver and the database to negotiate and agree upon the encryption/decryption information that will be used. This is called the SSL handshake. An SSL handshake results in multiple network round trips as well as additional CPU to process the information needed for every SSL connection made to the database.

During an SSL handshake, the following steps take place, as shown in Figure 2-11:

1. The application via a database driver sends a connection request to the database server.
2. The database server returns its certificate and a list of supported encryption methods (cipher suites).
3. A secure, encrypted session is established when both the database driver and the server have agreed on an encryption method.

[Figure 2-11. SSL handshake]

Encryption is performed on each byte of data transferred; therefore, the more data being encrypted, the more processing cycles occur, which means slower network throughput. SSL supports symmetric encryption methods such as DES, RC2, and Triple DES. Some of these symmetric methods cause a larger performance penalty than others; for example, Triple DES is slower than DES because larger keys must be used to encrypt/decrypt the data.

Larger keys mean more memory must be referenced, copied, and processed. You cannot always control which encryption method your database server uses, but it is good to know which one is used so that you can set realistic performance goals. Figure 2-12 shows an example of how an SSL connection can affect throughput.

In this example, the same benchmark was run twice using the same application, JDBC driver, database server, hardware, and operating system. The only variable was whether an SSL connection was used.

[Figure 2-12. Rows per second: SSL versus non-SSL (select 1 row of 3100 bytes; rows/second plotted against threads)]

Figure 2-13 shows the CPU associated with the throughput of this example. As you can see, CPU use increases when using an SSL connection.

[Figure 2-13. CPU utilization: SSL versus non-SSL (select 1 row of 3100 bytes; CPU utilization plotted against threads)]

Performance Tip

To limit the performance penalty associated with data encryption, consider establishing a connection that uses encryption for accessing sensitive data such as an individual's tax ID number, and another connection that does not use encryption for accessing data that is less sensitive, such as an individual's department and title. There is one caveat here: Not all database systems allow this. Oracle and Microsoft SQL Server are examples of database systems that do.

Sybase is an example of a database system where either all connections to the database use encryption or none of them do.
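
The performance tip above, as an added example (not code from the original text): a small router that sends a query over the encrypted connection unless every column it touches is explicitly classified as non-sensitive. The table and column names and the two connection objects are assumptions; how a driver turns encryption on is driver-specific and not shown.

```python
"""Pick the encrypted or the plain connection from the columns a query touches."""
from dataclasses import dataclass

# Constructed classification with hypothetical names. Only columns listed as
# non-sensitive may ever travel over the unencrypted connection.
NON_SENSITIVE = {"employees.department", "employees.title"}
SENSITIVE = {"employees.tax_id"}


@dataclass(frozen=True)
class Route:
    encrypted: bool
    reason: str


def choose_route(columns):
    """Decide which connection a query must use.

    Fails closed: an empty column list, a wildcard, or any column that has
    not been classified is sent over the encrypted connection.
    """
    cols = [c.strip().lower() for c in columns]
    if not cols:
        return Route(True, "no column list supplied")
    for col in cols:
        if col.endswith("*"):
            return Route(True, f"wildcard {col} may expand to sensitive columns")
        if col in SENSITIVE:
            return Route(True, f"{col} is classified sensitive")
        if col not in NON_SENSITIVE:
            return Route(True, f"{col} is unclassified")
    return Route(False, "all columns classified non-sensitive")


class ConnectionRouter:
    """Holds one encrypted and one plain connection (opened by the caller)."""

    def __init__(self, encrypted_conn, plain_conn):
        self._encrypted = encrypted_conn
        self._plain = plain_conn

    def connection_for(self, columns):
        route = choose_route(columns)
        return (self._encrypted if route.encrypted else self._plain), route


if __name__ == "__main__":
    router = ConnectionRouter("<encrypted connection>", "<plain connection>")
    for query_cols in (["employees.department", "employees.title"],
                       ["employees.title", "employees.tax_id"],
                       ["employees.*"]):
        conn, route = router.connection_for(query_cols)
        print(query_cols, "->", conn, "|", route.reason)
```

Logging the returned reason alongside each query gives a record of which data was allowed onto the unencrypted connection and why.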