The most expensive part of the connection is the public key exchange during the SSL negotiation. This negotiation occurs every time the control or data port is opened. In a multiple file transfer scenario, each file transfer results in the data port being opened and closed. Many small files being transferred should use more CPU than one large file being transferred. I am not sure if SSLServ supports session caching (reuse of the session keys) to lessen the CPU impact of the key exchange, or if the FTP clients can even support it. I will check the RFC for that.
Steve Bireley Vice-President Product Development BlueZone Software 1-404-364-1731 www.bluezonesoftware.com "BlueZone Secure FTP is now Free" -----Original Message----- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Tom Duerbusch Sent: Wednesday, October 17, 2007 10:32 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: MIPS for SSLSERV I can't say about TN3270, but if you assume that all encryption has the same cost (i.e. cost per MB), then: On SLES10, FTP encryption seemed to become the default vs older Suse systems. When I FTP iso images now, it takes 4 X the CPU power then the non-encrypted version. This is based on our z/890 IFL. So, my first guess is 4 times the current cost of your TCPIP stack. Tom Duerbusch THD Consulting FELINE PHYSICS: Law of Cat Motion A cat will move in a straight line, unless there is a really good reason to change direction. >>> Alan Ackerman <[EMAIL PROTECTED]> 10/16/2007 6:01 PM >>> We have been asked to encrypt all TN3270 traffic to our VM systems (5 LPARS + 14? guests). I am planning to use the VM SSLSERV, running on Red Hat (RHEL 4) Linux. My management wants me to estimate the MIPS (or CPU cycles) cost of this. Any ideas? I can get number of users logged in via TCP/IP via NETSTAT TELNET, so a per-user cost would be nice, or a total cost and number of logged-in users, but I will take any estimates you have. These are CMS users, or users dialing in to VTAM. (Existing Linux guests are not affected by this, as they already use encrypted TELNET.) z/VM 5.3.0 (soon) on z9 EC processors. QWS3270 Secure (although I don't think the PC client makes any difference).
