Balancing Performance and Security

Applies To: Windows Server 2003, Windows Server 2003 with SP1

Balancing performance with concerns about the security of your Web applications can be an important issue, particularly if you run an e-commerce Web site. Secure Web communications require more resources than do Web communications that are not secure, so you need to know when to use security techniques such as SSL certificates or any of the Windows authentication methods. Because SSL uses complex encryption, and encryption requires considerable processor resources, it takes much longer to retrieve and send data from SSL-enabled directories. Therefore, you should place only those files that contain or receive sensitive information in your SSL-enabled directory, and keep the pages in that directory free of resource-consuming elements such as images.

If you use SSL, be aware that establishing the initial connection takes five times longer than reconnecting by using security information in the SSL session cache. The default time-out interval for the SSL session cache is 10 hours in Windows Server 2003. After secure data is deleted from the cache, the client and server must establish a new connection.
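
The following model is an added example, not part of the original documentation. It replays a constructed list of client connections against a session cache and compares the total handshake cost for different time-out intervals, using the five-to-one cost ratio and the 10-hour default stated above. The client names, the connection times, and the rule that a cache entry expires a fixed interval after the full handshake that created it are assumptions.

```python
"""Model of an SSL session cache with a fixed time-out (added example)."""

FULL_HANDSHAKE_COST = 5.0   # page: initial connection takes five times longer
RESUMED_COST = 1.0          # cost unit: one reconnect from the session cache
DEFAULT_TIMEOUT_H = 10.0    # page: default session cache time-out, in hours

# Constructed sample: (hours since start, client id) for each new connection.
SAMPLE_CONNECTIONS = [
    (0.0, "client-a"), (0.5, "client-a"), (1.0, "client-b"),
    (4.0, "client-a"), (9.5, "client-b"), (10.5, "client-a"),
    (11.5, "client-b"), (12.0, "client-a"), (23.0, "client-b"),
]


def simulate(connections, timeout_h=DEFAULT_TIMEOUT_H):
    """Replay connections against a per-client cache.

    Assumption: a cache entry lives timeout_h hours from the full handshake
    that created it and is not extended by later reconnects.
    Returns the number of full and resumed handshakes and the total cost.
    """
    cached_at = {}  # client id -> time of the full handshake that was cached
    full = resumed = 0
    for when, client in sorted(connections):
        created = cached_at.get(client)
        if created is not None and when - created < timeout_h:
            resumed += 1            # session still cached: cheap reconnect
        else:
            cached_at[client] = when  # expired or unknown: new connection
            full += 1
    cost = full * FULL_HANDSHAKE_COST + resumed * RESUMED_COST
    return {"full": full, "resumed": resumed, "cost": cost}


if __name__ == "__main__":
    for timeout in (0.0, 1.0, DEFAULT_TIMEOUT_H):
        print(f"time-out {timeout:>4} h -> {simulate(SAMPLE_CONNECTIONS, timeout)}")
```

With this sample, the 10-hour time-out needs five full handshakes, while a one-hour time-out needs eight for the same traffic.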