M
mjacobs
Guest
Yes, it is very normal for the client to run slower. The simple fact that you are tunneling through HTTPS will make it slower. Add the fact that you are adding hops for additional network servers when you use AIA. Last, add the SSL authentication and cryptography. The real question is how much slower, and to a certain degree that is under your control. In your configuration you have an IIS 7 running in a Windows server, which most use cases do not, so that will make it slower that going directly to Tomcat. The configuration of SSL can have a large impact on the network performance, based on the encryption and key exchange algorithms chosen. The architecture of the client can also affect performance in an SSL use-case based on the frequency it makes connections to the server (SSL connections are very expensive). SSL's cryptography is generally executed in software and is a CPU intensive operation, so your choice of OS and hardware can have an impact. As you can see there are a number of variables that affect performance. So you can understand that 'slower' is relative. If you can, remove the IIS server. Run Tomcat on a fast OS using high performance CPUs. It can be complicated, but configure the SSL server to use faster data encryption algorithm. Make long lifetime SSL (TCP) connections from the client to the server. Test. Hope this helps.
Continue reading...
Continue reading...