Hi,

I've read a few of the notes on the mailing list about hardware acceleration
for SSL.

What does this mean? Does this mean using a CPU with certain extensions? If so
how can i confirm whether or not i've built Pound with support for those
extensions, and even whether or not my OS supports them?

I ran a quick benchmark yesterday and got impressive results.  At the moment I
am just running on a core 2 duo laptop, yet still managed 600 trx/s with the
same box running jmeter, pound and apache (Oh; And they were all in a VM!) 
However we need significantly more than this throughput.

Thanks,
Dan
[...]

SSL Hardware Acceleration usually means offloading encryption to specific
dedicated hardware, most often PCI cards.
http://en.wikipedia.org/wiki/SSL_acceleration
---
François Rejeté


On Thu, Apr 23, 2009 at 5:57 PM, Daniel Keeley
<Daniel.Keeley(at)aegate.com>wrote:
[...]

Ok great thanks.

A quick bit of research shows a HP device that seems to handle a similar number
of transactions per second to what I achieved in my benchmark.

Dan

-----Original Message-----
From: frejete(at)gmail.com [mailto:frejete(at)gmail.com] On Behalf Of Francois
Rejete
Sent: 23 April 2009 10:07
To: pound(at)apsis.ch
Subject: Re: [Pound Mailing List] Performance and Hardware SSL

SSL Hardware Acceleration usually means offloading encryption to specific
dedicated hardware, most often PCI cards.
http://en.wikipedia.org/wiki/SSL_acceleration
---
François Rejeté


On Thu, Apr 23, 2009 at 5:57 PM, Daniel Keeley
<Daniel.Keeley(at)aegate.com>wrote:
[...]

--
To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
Please contact roseg(at)apsis.ch for questions.

Aegate Limited is a limited company registered in England and Wales with
registration number 5089909, having its registered office at 123 Buckingham
Palace Road, London SW1W 9SR, England.

This communication may contain confidential and/or privileged information
belonging to Aegate Limited. This information is intended only for the use of
the individual or entity named. If you are not the intended recipient, or the
employee or agent responsible to deliver it to the intended recipient, you
should notify Aegate Limited immediately. You are hereby notified that any
disclosure, copying, distribution or taking of any action in reliance on the
contents of this communication is strictly prohibited.

In a related note.  What experiences have people had with cards already out
there?

Which were easy to install/configure?

Just looking for some recommendations.

Thank you.

--Alfonso 

-----Original Message-----
From: frejete(at)gmail.com [mailto:frejete(at)gmail.com] On Behalf Of Francois
Rejete
Sent: Thursday, April 23, 2009 5:07 AM
To: pound(at)apsis.ch
Subject: Re: [Pound Mailing List] Performance and Hardware SSL

SSL Hardware Acceleration usually means offloading encryption to specific
dedicated hardware, most often PCI cards.
http://en.wikipedia.org/wiki/SSL_acceleration
---
François Rejeté


On Thu, Apr 23, 2009 at 5:57 PM, Daniel Keeley
<Daniel.Keeley(at)aegate.com>wrote:
[...]

--
To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
Please contact roseg(at)apsis.ch for questions.

--
This message has been scanned for viruses and dangerous content by SecureMail,
and is believed to be clean.

Hello,

I have not used any SSL acceleration cards with Pound. Yet, I wanted to
provide a little word of caution that I got from an IT colleague who has
such experience.

Many SSL accelerator cards actually implement the SSL decryption in their
bios, i.e. software. This is no faster than a good software implementation
running on a dedicated multi-core CPU today. Our Gigahertz class CPUs of
today are more than adequate to do SSL decryption in software.

Always make sure that you are buying a card that implements the SSL
algorithm in hardware entirely. 

The cheap cards use software BIOS as their "acceleration". Avoid those
cards. Expect to pay handsomely for a decent hardware-only implementation of
SSL. You will get what you pay for in this case.
[...]