Sun Niagara as an awesome HTTPS offload proxy
Sun has recently released it’s new UltraSparc T1 based systems (aka “Niagara”) boxes. These boxes are basically single CPU boxes but the CPU have 8 cores with each core having 4 hardware threads on them. Solaris 10 sees 32 CPU’s on this box. Workloads which are threaded work very well on these boxes.
The other thing cool about the Sun Niagara is that they have phenomenal RSA performance which seems to be accessible via the SSLCryptoDevice directive to Apache. With Apache 2.2 mod_proxy showing a lot of improvement, this would make Apache with the worker mpm (small number of processes with lots of threads per process) combined with mod_ssl an exciting combination to run.
It seems a bit strange though that Sun is recommending that people compile Apache with the prefork mpm. I guess that might be appropiate if Apache were to be compiled with PHP or some other module but I would expect that for an HTTPS offload workload, then worker might scale better.
The other interesting bit would be to modify Apache Flood to have support for engine(3). This would allow for a very fast threaded ssl aware http benchmark which would take advantage of the RSA speedups within Niagara.
It looks like some Apache committers might be getting their hands on this box soon.
Now, if only there was support for SNI via mod_ssl or if mod_gnutls support engine(3) then these boxes are likely to be no-brainer for ISP’s to host SSL frontends.