Analyzing Security Data and Planning Upgrades
Applies To: Windows Server 2003, Windows Server 2003 with SP1
After you collect data to assess the effects of adding security features to your server configuration, use the results of your analysis to plan configuration changes that can help you handle the additional workload that is required to support security features. Consider the following options.
Upgrade or add processors
Security features in general and the SSL protocol in particular are usually processor-intensive. Because Windows Server 2003 security features are multithreaded, they can run simultaneously on multiple processors. Thus, adding processors can improve performance significantly and prevent the processors from becoming a bottleneck.
For best results, choose processors with large secondary (L2) cache space (up to 2 MB). When a security feature like SSL encrypts and decrypts data, much of the processors time goes to reading and writing small units of data to and from main memory. If your server can store this data in the processor cache, the data is retrieved much faster.
Add memory
If security features cause increased paging or shortages in virtual memory, adding more memory can help. The physical memory used to support the security service consumes space that can be used to cache files. To accommodate peak use, allow for twice as much memory as required during times of average use while still maintaining 10 MB of available memory.
Important
Avoid adding disk space for security-related activity. Do not add disk space solely to support security features. Any increased disk activity associated with security features is likely to result from a shortage of physical memory, not from an actual need for more disk space. Security features such as the SSL protocol rely primarily on processors and physical memory, as opposed to disk space.
Use custom hardware
Custom hardware, such as cryptoaccelerator cards, can make a significant difference in the way that your server handles security overhead. Be sure to thoroughly test any nonstandard hardware to make sure that it is compatible with the other hardware and software that you use.
Related Topics
For more information about IIS security features, see Configuring Advanced Security and Customization.
For more information about setting up certificates and keys, see Configuring SSL on a Web Server or Web Site.
For more information about enabling HTTP keep-alives, see Enabling HTTP Keep-Alives to Keep Connections Open.