Hi,
i am interested to know the performance hit caused on enabling encryption with shield.
I wanted to fine tune few parameters before taking performance numbers.
Any suggestions on configurations of security protocols for better performance. I have some questions in particular
How does Shield does encryption at the backend ? JDK SSL or OPEN SSL ?
Which cipher suites should be used for better performance ?
Is the performance dependent on java version or JCE or other stuff ?
are there any benchmarks ES has on enabling encryption
I think you should consider security of the ciphers and prioritize that over performance. For example RC4 ciphers might be faster but it is widely considered insecure.
Performance of SSL will be dependent on Java version and the JCE provider. Some providers delegate to native libraries like NSS and this will often yield better performance.
We do not provide benchmarks as these will depend greatly on your JDK and hardware. The Rally tool can be used to test performance against a cluster running elasticsearch with shield/xpack security.
I think you are better off taking baseline numbers before changing any parameters; you may wind up with a slower configuration than the default if you do not.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.