Archive for February, 2006

Sun Niagara as an awesome HTTPS offload proxy

February 28, 2006 Comments off

Sun has recently released it’s new UltraSparc T1 based systems (aka “Niagara”) boxes. These boxes are basically single CPU boxes but the CPU have 8 cores with each core having 4 hardware threads on them. Solaris 10 sees 32 CPU’s on this box. Workloads which are threaded work very well on these boxes.

The other thing cool about the Sun Niagara is that they have phenomenal RSA performance which seems to be accessible via the SSLCryptoDevice directive to Apache. With Apache 2.2 mod_proxy showing a lot of improvement, this would make Apache with the worker mpm (small number of processes with lots of threads per process) combined with mod_ssl an exciting combination to run.

It seems a bit strange though that Sun is recommending that people compile Apache with the prefork mpm. I guess that might be appropiate if Apache were to be compiled with PHP or some other module but I would expect that for an HTTPS offload workload, then worker might scale better.

The other interesting bit would be to modify Apache Flood to have support for engine(3). This would allow for a very fast threaded ssl aware http benchmark which would take advantage of the RSA speedups within Niagara.

It looks like some Apache committers might be getting their hands on this box soon.

Now, if only there was support for SNI via mod_ssl or if mod_gnutls support engine(3) then these boxes are likely to be no-brainer for ISP’s to host SSL frontends.

Categories: Solaris

Upgraded to WordPress 2.0.1

February 20, 2006 Comments off

I wanted to do this via the one click option offerred by my webhost but in the end decided to do via the old fashioned way of following the instructions in the codex

Upgrade seems to have gone smoothly. Now to investigate the features provided by WordPress 2.0.1

Categories: Blogging Toolchains

Enabling cheaper SSL hosting

February 19, 2006 1 comment

Today the cost of SSL enabled websites increases due to

  1. cost of doing SSL computations
  2. The requirement of one IP per hostname hosting SSL

With increasing CPU performance (particularly the AMD Opteron) which totally rule in terms of RSA crypto performance, point (1) is slowly becoming a non-issue. point (b) is still an issue

point (2) is being addressed via Server Name Indication.

which is currently only supported in Opera 8.0.

IE 7/Vista will also support SNI

SNI will make it possible to support virtual SSL hosting on a single IP which would allow more websites to consider end-to-end SSL support
For Mozilla, there are the bugs filed for support of this

Guess which company the engineer works who has the bug assigned to him. You are right, It’s Sun Microsystems.

So here’s a shout-out to the Sun bloggers out there. If you believe that making it easier for webhosters (who may purchase Sun hardware if they find that SSL performance on the Sun Niagara boxes screams to easily host virtual SSL hosts on a single IP is a worthwhile proposition, then I encourage you to evangalize within the organisation to enable the engineering resources within Sun so that Mozilla/Firefox have support for SNI at the earliest.

Remember that a large percentage of the world isn’t going to move to Vista so SNI support in Firefox may even lead to a faster adoption of the browser and help in standard adoption

Categories: Solaris

Getting into the deals

February 17, 2006 Comments off

One of my favourite bloggers Jonathan Schwartz mentions in a recent Eweek interview that he is worried about getting into deals.

Well, I can think of one class of deals which Jonathan can easily win but isn’t getting into today. These are the Linux/FreeBSD NAS boxes which use 3ware IDE Raid controllers. Just do a google search or search Redhat/Suse’s bugzilla to see the pain people face monkeying with NFS and the linux filesystem of the week.

With ZFS and Sun’s robust NFS stack (Check out which company has a lot of slots in the upcoming Connectathon), Solaris can pretty much own the market in the low-cost NAS box. Track a few mailing lists and sales staff can cold-call the appropiate sysadmin who has pretty much detailed his pain points when trying to setup a robust NFS server. Maybe there are cross-sell opportunities for StorageTek products.

Jonathan, all this needs is the driver team in Beijing and/or your IHV/ISV engagement teams to get cracking with 3ware at the earliest.

Technorati Tags:

Categories: Solaris
%d bloggers like this: