Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

CipherTrust Manager Performance Summary

KMIP Operations Performance

search

Please Note:

print

KMIP Operations Performance

The test environment for Key Management Interoperability Protocol (KMIP) operations performance includes a single virtual CipherTrust Manager instance and a multithreaded KMIP client. The users that performed these operations were local users operating in the root domain.

  • CipherTrust Manager k570 physical appliance

    • CPU - 1 CPU with 4 cores

    • Memory - 16 GB

    • Hard Drive - 2 TB

  • KMIP Client

    • CPUs - 4

    • Memory - 16 GB

    • Hard Drive - 400 GB

  • Sar utility from the Sysstat package used to collect system data

copy link to clipboardHigh Level Summary

OperationClient UsedKMIP ObjectRate Keys/SecondCM System Metrics during OperationNotesDuration in Seconds
Create Symmetric KeysCryptsoftAES256436CPU: 85%, Memory: 11 GB1 million keys created2294
Create Asymmetric KeysCryptsoftRSA2048 pair25CPU: 98%, Memory: 12 GB10K public and 10K private keys created401
Get Random KeysIn-houseAES25686CPU: 98%, Memory: 12 GB10K keys116
Update KeysIn-houseAES25678CPU: 97%, Memory: 12 GB10K keys129
Encrypt and Decrypt DataIn-houseAES25649CPU: 65%, Memory: 12 GB10K keys205
MAC KeysIn-houseAES25693CPU: 99%, Memory: 12 GB10K keys MAC operation108
MAC Verify KeysIn-houseAES25677CPU: 97%, Memory: 12 GB10K keys MAC verify130
Delete KeysIn-houseAES25680CPU: 99%, Memory: 12 GB10K keys125

copy link to clipboardSymmetric Key Creation

This test created 1 million AES 256 keys using a KMIP client with 100 threads. Data was collected at a 5 second interval.

This operation took 2294 seconds, with a creation rate of 436 keys per second.

copy link to clipboardAsymmetric Key Creation

This test created 10000 RSA2048 keys using a KMIP client with 100 threads. Data was collected at a 5 second interval.

This operation took 401 seconds, with a creation rate of 25 keys per second.

copy link to clipboardRandom Key Get

This test retrieved 10000 AES256 keys using a KMIP client with 200 threads. Data was collected at a 5 second interval.

This operation took 116 seconds, with a retrieval rate of 86 keys per second.

copy link to clipboardKey Update

This test updated 10000 AES256 keys, adding a new attribute to the keys, name=x-MyAttribute value=value1. The test used a KMIP client with 200 threads. Data was collected at a 5 second interval.

This operation took 129 seconds, with an update rate of 78 keys per second.

copy link to clipboardEncrypt and Decrypt Data

This test encrypted and then decrypted the same 64 byte data with 10000 AES256 keys using a KMIP client with 200 threads. Data was collected at a 5 second interval.

This test took 205 seconds, with a rate of 49 keys performing encryption and decryption operations per second.

Note

This measurement demonstrates the threshold of encryption and decryption requests per second that can CipherTrust Manager can reliably process. Exceeding this rate can result in CipherTrust Manager dropping requests.

copy link to clipboardMAC Keys

This test MACed 10000 AES256 keys using a KMIP client with 200 threads. Data was collected at a 5 second interval.

This operation took 108 seconds, with a hash rate of 93 keys per second.

copy link to clipboardMAC Verify Keys

This test MAC verified 10000 AES256 keys using a KMIP client with 200 threads. Data was collected at a 5 second interval.

This operation took 130 seconds, with a hash verify rate of 77 keys per second.

copy link to clipboardDelete Keys

This test deleted 10000 AES256 keys using a KMIP client with 200 threads. Data was collected at a 5 second interval.

This operation took 125 seconds, with a deletion rate of 80 keys per second.

On this page