DSM-Accelerator [4.30] - July 2, 2024

1. Overview

This article provides an overview of the resolved issues in the Fortanix Data Security Manager (DSM)-Accelerator 4.30 release. 

2. Bug Fixes

  • DSM-Accelerator Webservice:
    • Improved the Fortanix DSM-Accelerator Webservice performance for highly transactional applications, by removing the bearer token check in the Fortanix DSM-Accelerator Webservice so that it does not reach out to Fortanix DSM for authentication when processing locally cached keys (JIRA: PM-351).
  • DSM-Accelerator JCE Provider:
    • Improved the Fortanix DSM-Accelerator JCE Provider performance for highly transactional applications, by removing the bearer token check in the Fortanix DSM-Accelerator JCE Provider so that it does not reach out to Fortanix DSM for authentication when processing locally cached keys (JIRA: PM-351).
    • The path to copy the library libdsmaccelerator.so in Linux can now be configured using the environment variable FORTANIX_TEMP_DIR (JIRA: PROD-8500).
    • The path to copy the library dsmaccelerator.dll in Windows can now be configured using the environment variable FORTANIX_TEMP_DIR (JIRA: PROD-8576).
      For more details, refer to the Developer’s Guide: DSM-Accelerator JCE Provider.

3. Fortanix Data Security Manager-Accelerator Performance Statistics

3.1 Runtime Environment

NOTE
  • The following table lists the standard recommended runtime environment. You can choose a higher configuration for better performance.
  • DSM-Accelerator was run in the runtime environment listed below for performance testing.
Item Specification
Number of Cores

4

CPU

Intel(R) Xeon(R) CPU E5-2673 v4 @ 2.30GHz

RAM

2 GiB

VM Type 

Standard D4ds v4 Azure VM

Docker Runtime Configuration

docker run -d --network host --memory=1g --memory-swap=2g --log-driver json-file --log-opt max-size=100m

________________________________________________________________________________________________________________

3.2 DSM-Accelerator Webservice

NOTE
The performance numbers below are captured with a single node; if you need higher performance or throughput, then we recommend adding multiple nodes.
Key Types and Operations Throughput (Operations/second on a 1-node cluster)
AES 256: CBC Encryption/Decryption 20,907/20,557
AES 256: GCM Encryption/Decryption 21,274/21,267
AES 256: FPE Encryption/Decryption 9,456/9,417

________________________________________________________________________________________________________________

3.3 Additional Modes

Key Types and Operations Throughput (Operations/second on a 1-node cluster)
AES 256: CBCNOPAD Encryption/Decryption 20,777/21,075
AES 256: CFB Encryption/Decryption 21,488/21,279
AES 256: CTR Encryption/Decryption 21,398/21,197
AES 256: OFB Encryption/Decryption 21,480/ 21,137
AES 256: CCM Encryption/Decryption 21,076/ 21,172

Comments

Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful