Benchmark Overview
This post provides a summary of a recent benchmark effort for the Fortress RBAC Accelerator. The RBAC accelerator uses LDAPv3 extended operations to perform the following access control functions:
- Create Session – attempts to authenticate client; if successful, initiates an RBAC session by activating one or more user roles
- Check Access – determines if user has access rights for a given resource
- Add Active Role – attempts activation for a given role into user’s RBAC session
- Drop Active Role – deactivates a given role from user’s RBAC session
- Delete Session – deletes the given RBAC session from the server
- Session Roles – Returns the active roles associated with current session
The result of each of the above functions are persisted to LMDB for audit trail.
Benchmarks performed using a Jmeter test client to drive load for CheckAccess (#2). The server hosts the OpenLDAP daemon which has the RBAC accelerator overlay.
Client Machine
- operating system: ubuntu 13.04
- kernel: 3.8.0-32-generic
- processor: Intel® Core™ i7-4702MQ CPU @ 2.20GHz × 8
- memory: 16GB (doesn’t use anywhere close to that)
- Java version 7
Server Machine
- operating system: ubuntu 14.04
- kernel: 3.13.0-32-generic
- processor: Intel® Core™ i7-4980HQ CPU @ 2.80GHz × 4
- memory: 8GB
- OpenLDAP version: 2.4.39
Test Details
- 25 threads running on client
- each thread runs checkAccess 50,000 times
- 1,250,000 total
- Client CPU load: approximately 50%
Test Results
- Response time: 1 millisecond
- Throughput: 11,533 transactions per second
- Server CPU load: approximately 85%
iamfortress 
[…] Fortress RBAC Accelerator PDP Benchmark Report January 19, 2015 […]
LikeLike