Issue No.07 - July (2007 vol.18)
Jin-Ha Kim , IEEE
Gyu Sang Choi , IEEE
Chita R. Das , IEEE
<p><b>Abstract</b>—State-of-the-art cluster-based data centers consisting of three tiers (Web server, application server, and database server) are being used to host complex Web services such as e-commerce applications. The application server handles dynamic and sensitive Web contents that need protection from eavesdropping, tampering, and forgery. Although the Secure Sockets Layer (SSL) is the most popular protocol to provide a secure channel between a client and a cluster-based network server, its high overhead degrades the server performance considerably and, thus, affects the server scalability. Therefore, improving the performance of SSL-enabled network servers is critical for designing scalable and high-performance data centers. In this paper, we examine the impact of SSL offering and SSL-session-aware distribution in cluster-based network servers. We propose a back-end forwarding scheme, called <it>ssl_with_bf</it>, that employs a low-overhead user-level communication mechanism like Virtual Interface Architecture (VIA) to achieve a good load balance among server nodes. We compare three distribution models for network servers, Round Robin (RR), <it>ssl_with_session</it>, and <it>ssl_with_bf</it>, through simulation. The experimental results with 16-node and 32-node cluster configurations show that, although the session reuse of <it>ssl_with_session</it> is critical to improve the performance of application servers, the proposed back-end forwarding scheme can further enhance the performance due to better load balancing. The <it>ssl_with_bf</it> scheme can minimize the average latency by about 40 percent and improve throughput across a variety of workloads.</p>
Secure Sockets Layer, cluster, Web servers, application server layer, load distribution, user-level communication.
Jin-Ha Kim, Gyu Sang Choi, Chita R. Das, "An SSL Back-End Forwarding Scheme in Cluster-Based Web Servers", IEEE Transactions on Parallel & Distributed Systems, vol.18, no. 7, pp. 946-957, July 2007, doi:10.1109/TPDS.2007.1062