You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@accumulo.apache.org by Logan Jones <lo...@codescratch.com> on 2023/10/17 03:17:56 UTC
TLS Support in Accumulo
Hello:
I know that Accumulo has support for TLS. When turning on TLS support, we
noticed some pretty serious performance hits as a result of turning this on
in 1.10.2. Does anyone actually have TLS turned on for larger clusters? Are
there any known performance problems with turning on TLS?
Thanks in advance,
- Logan
Re: TLS Support in Accumulo
Posted by Logan Jones <lo...@codescratch.com>.
Hey Christopher:
Thanks for the response. Yeah, some performance hit was expected, it was
just the magnitude that we weren't expecting.
Unfortunately, I don't have a great benchmark to tell you exactly what we
saw, though we may have those numbers in the coming weeks. We decided to
pursue wire encryption through another means, but I am hoping to review
some of the numbers at a later date.
- Logan
On Tue, Oct 17, 2023 at 12:42 AM Christopher <ct...@apache.org> wrote:
> I think a performance hit is expected, due to the expected overhead of the
> TLS handshake, and the number of connections Accumulo requires in order to
> distribute work across a cluster. I think whether the overhead is tolerable
> is a per user decision, and may also be dependent upon the details of your
> application, table content, query patterns, hardware, and JVM support. I'm
> sure it's not suitable for everybody's use case, but could be a useful
> option in some circumstances. It's really hard to make general statements
> about whether it's worthwhile, though, because of different people having
> different requirements and environments.
>
> I am curious, though, if you could characterize the overhead you saw, as a
> point of comparison.
>
> On Mon, Oct 16, 2023, 23:18 Logan Jones <lo...@codescratch.com> wrote:
>
> > Hello:
> >
> > I know that Accumulo has support for TLS. When turning on TLS support, we
> > noticed some pretty serious performance hits as a result of turning this
> on
> > in 1.10.2. Does anyone actually have TLS turned on for larger clusters?
> Are
> > there any known performance problems with turning on TLS?
> >
> > Thanks in advance,
> >
> > - Logan
> >
>
Re: TLS Support in Accumulo
Posted by Christopher <ct...@apache.org>.
I think a performance hit is expected, due to the expected overhead of the
TLS handshake, and the number of connections Accumulo requires in order to
distribute work across a cluster. I think whether the overhead is tolerable
is a per user decision, and may also be dependent upon the details of your
application, table content, query patterns, hardware, and JVM support. I'm
sure it's not suitable for everybody's use case, but could be a useful
option in some circumstances. It's really hard to make general statements
about whether it's worthwhile, though, because of different people having
different requirements and environments.
I am curious, though, if you could characterize the overhead you saw, as a
point of comparison.
On Mon, Oct 16, 2023, 23:18 Logan Jones <lo...@codescratch.com> wrote:
> Hello:
>
> I know that Accumulo has support for TLS. When turning on TLS support, we
> noticed some pretty serious performance hits as a result of turning this on
> in 1.10.2. Does anyone actually have TLS turned on for larger clusters? Are
> there any known performance problems with turning on TLS?
>
> Thanks in advance,
>
> - Logan
>