CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: php + cosign scalability

Hi Mark,
Thank you so much for your kind advice. Is there a general consensus 
on the use of a programming language given that the back end is going 
to be Oracle. For me, php scripting is easier than jsp or perl, but 
what would be the pros and cons if I were to decide on a programming 
language that would host a high traffic information system on the web 
protected by mod_cosign.

I really appreciate your help in advance.

Quoting Mark Montague <markmont@xxxxxxxxx>:

> On Tue, 22 Jun 2004, Renju Jacob wrote:
> > I was considering deploying cosign filters on a server running
> Apache
> > + php and was wondering if it might not be an ideal platform if
> the
> > volume of requests were really high. I mean, I just wanted to
> gather
> > opinion from people who might have deployed this set up and have
> had
> > issues with scalability. Is there an alternate solution for
> catering
> > to high traffic, if this is not an ideal platform (I mean
> something
> > like cosign filters on Tomcat + jsp ?-not sure if there are cosign
> > modules for this platform).
> > I'ld really appreciate any advise from folks who have had some
> > experience with this issue.
> Hi, Renju,
> LSA is running mod_cosign for Apache 1.3.x together with
> mod_php (PHP 4.3.6) and is not experiencing any problems.
> We have other servers where Perl CGIs and mod_perl are
> used extensively, and yet others where Java is used
> extensively (not in a servlet environment, though, just
> as "Java CGIs").
> What adds the most overhead is protecting all of your
> pages with TLS/SSL.  But this has nothing do to with
> cosign per se -- although it's recommended that you
> serve all of your cosign protected pages over HTTPS,
> cosign should work if you choose to use HTTP instead.
> Whether you are using cosign or another solution
> such as mod_auth, the biggest thing that can help here
> is having an SSL hardware accelerator card in your
> web server to offload the cryptographic operations from
> your main processors and to reduce the latency of SSL
> operations.  Note that mod_cosign will communicate with
> the central weblogin servers via a private TLS connection,
> and can take advantage of any SSL hardware acclerator
> card for this, although the performance improvement will
> be insignificant since the amount of back-end traffic is
> so small.
> So basically, mod_cosign itself adds very little overhead.
> If your server is capable of handling the volume of requests
> with, say, mod_auth (DigestAuth) and SSL, then it will
> certainly be able to handle the same volume when you
> replace mod_auth with mod_cosign.
> Mostly it will depend on what your PHP pages are doing
> and how.
> If you want to switch platforms, a JavaCosign implementation
> does exist.  I believe it works with at least Tomcat.
> You can get the Java cosign filter from
>                 Mark Montague
>                 LS&A Information Technology
>                 markmont@xxxxxxxxx

Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010