Performance Summary
This section provides the performance summary of the Google Workspace CSE service managed through CCKM on the CipherTrust Manager server. The information on this page describes:
What is the configuration (CPU, RAM, and Disk) of each server?
Where are the clients located in relation to the servers?
What are the minimum network requirements for reliable connectivity?
How many requests per second (RPS) are handled in different scenarios?
Test Setup
This section describes the test environment in which the performance of the CCKM Google Workspace CSE service has been tested. The performance numbers provided in this section are based on this setup.
Note
Actual performance numbers in your environment can be different. The results can vary based on factors such as how and where the CipherTrust Manager is deployed, the CipherTrust Manager resources, the location of clients, the network connectivity, and how the traffic is load-balanced.
CipherTrust Manager
Virtual CipherTrust Manager k170v deployed to
Google Cloud
Amazon Web Services (AWS)
Physical Appliance k570
Client
k6 (an open-source load testing tool) is used as a client to simulate traffic between the Google Workspace CSE and the CipherTrust Manager.
The k6 client is deployed on the Google Cloud in the us-central1-a region.
Network Requirements
The following ports must be open for CipherTrust Manager/CCKM communication:
| Type | Protocol | Port Range |
|---|---|---|
| SSH | TCP | 22 |
| HTTPS | TCP | 443 |
| PostgreSQL (for Cluster) | TCP | 5432 |
Requests Per Second
The following sections list the wrap requests per second, approximate latency, and the number of virtual users for different deployment scenarios.
Note
To provide a good user experience, Google recommends a maximum latency of 200 ms (for 99% of the requests). Therefore, the performance numbers on this page are based on an approximate latency of 200 ms.
Google Cloud
| Server Location | Client Location |
|---|---|
| us-central1-a | us-central1-a |
Simulated the wrap requests for Google Workspace CSE on the CipherTrust Manager deployed on Google Cloud Platform using the k6 tool. The following table shows the handled number of requests per second (RPS), with approximate latency, and the number of virtual users for different data samples on a standalone CipherTrust Manager and a two-node CipherTrust Manager cluster connected with a load balancer.
Click a tab to view performance numbers based on two different specifications.
| System Volume | Memory | CPUs | NICs |
|---|---|---|---|
| 50 GB | 16 GB | 4 | 1 |
Click a tab to view performance numbers for a standalone CipherTrust Manager or a two-node cluster with a load balancer.
| Users | Latency (in ms) | Requests/Second |
|---|---|---|
| 10 | 42.77 | 16.39 |
| 20 | 42.84 | 32.71 |
| 30 | 46.39 | 48.92 |
| 40 | 68.4 | 63.68 |
| 50 | 94.69 | 76.9 |
| 60 | 181.26 | 83.95 |
| 70 | 368.66 | 84.35 |
| Users | Latency (in ms) | Requests/Second |
|---|---|---|
| 10 | 46.73 | 16.34 |
| 20 | 48.11 | 32.7 |
| 30 | 56.48 | 48.31 |
| 40 | 60.09 | 63.89 |
| 50 | 70.06 | 79.35 |
| 60 | 78.22 | 94.05 |
| 70 | 100.03 | 107.87 |
| 80 | 144.05 | 118.91 |
| 90 | 159.98 | 131.1 |
| 100 | 233.53 | 138.67 |
Comparison Graphs
Specification 1: Standalone vs Two-Node Cluster with Load Balancer
| System Volume | Memory | CPUs | NICs |
|---|---|---|---|
| 50 GB | 64 GB | 8 | 1 |
Click a tab to view performance numbers for a standalone CipherTrust Manager or a two-node cluster with a load balancer.
| Users | Latency (in ms) | Requests/Second |
|---|---|---|
| 10 | 36.08 | 16.58 |
| 20 | 37.92 | 32.87 |
| 30 | 37.97 | 49.24 |
| 40 | 38.19 | 65.67 |
| 50 | 47.65 | 80.58 |
| 60 | 46.83 | 97.22 |
| 70 | 52.12 | 112.59 |
| 80 | 59.87 | 127.12 |
| 90 | 70.91 | 141.43 |
| 100 | 95.29 | 153.37 |
| 110 | 117.52 | 164.39 |
| 120 | 169.39 | 170.86 |
| 130 | 194.66 | 178.97 |
| 140 | 219.93 | 187.08 |
| Users | Latency (in ms) | Requests/Second |
|---|---|---|
| 10 | 47.63 | 16.31 |
| 20 | 45.83 | 32.57 |
| 30 | 43.95 | 48.9 |
| 40 | 44.99 | 64.99 |
| 50 | 46.03 | 81.04 |
| 60 | 47.32 | 97.01 |
| 70 | 49.22 | 112.52 |
| 80 | 49.66 | 128.48 |
| 90 | 52.74 | 144.68 |
| 100 | 51.92 | 161.08 |
| 110 | 61.99 | 174.71 |
| 120 | 63.85 | 190.52 |
| 130 | 65.61 | 206.23 |
| 140 | 73.46 | 220.45 |
| 150 | 77.00 | 235.86 |
| 160 | 99.27 | 245.16 |
| 170 | 100.01 | 261.15 |
| 180 | 113.98 | 273.75 |
| 190 | 123.15 | 283.46 |
| 200 | 131.18 | 297.05 |
| 210 | 141.48 | 307.27 |
| 220 | 171.76 | 313.42 |
| 230 | 223.27 | 316.09 |
| 240 | 226.58 | 327.29 |
Comparison Graphs
Specification 2: Standalone vs Two-Node Cluster with Load Balancer
AWS Cloud
| Server Location | Client Location |
|---|---|
| us-east-1b | us-central1-a |
Simulated the wrap requests for Google Workspace CSE on the CipherTrust Manager deployed on AWS cloud using the k6 tool. The following table shows the handled number of requests per second (RPS), with approximate latency, and the number of virtual users for different data samples on a standalone CipherTrust Manager and a two-node CipherTrust Manager cluster connected with a load balancer.
Click a tab to view performance numbers based on two different specifications.
| System Volume | Memory | CPUs | NICs |
|---|---|---|---|
| 50 GB | 16 GB | 4 | 1 |
Click a tab to view performance numbers for a standalone CipherTrust Manager or a two-node cluster with a load balancer.
| Users | Latency (in ms) | Requests/Second |
|---|---|---|
| 10 | 69.13 | 15.74 |
| 20 | 66.52 | 31.71 |
| 30 | 67.68 | 46.66 |
| 40 | 72.38 | 62.17 |
| 50 | 92.67 | 75.8 |
| 60 | 97.9 | 91.01 |
| 70 | 152.7 | 100 |
| 80 | 236.6 | 105.81 |
| Users | Latency (in ms) | Requests/Second |
|---|---|---|
| 10 | 66.05 | 15.61 |
| 30 | 64.95 | 47.18 |
| 50 | 65.47 | 77.65 |
| 70 | 68.79 | 109.28 |
| 90 | 76.46 | 138.23 |
| 110 | 97.95 | 164.64 |
| 130 | 172.64 | 183.81 |
| 150 | 281.05 | 194.16 |
Comparison Graphs
Specification 1: Standalone vs Two-Node Cluster with Load Balancer
| System Volume | Memory | CPUs | NICs |
|---|---|---|---|
| 50 GB | 64 GB | 8 | 1 |
Click a tab to view performance numbers for a standalone CipherTrust Manager or a two-node cluster with a load balancer.
| Users | Latency (in ms) | Requests/Second |
|---|---|---|
| 10 | 51.47 | 16.04 |
| 20 | 50.49 | 31.82 |
| 30 | 51.77 | 47.82 |
| 40 | 52.59 | 63.63 |
| 50 | 53.29 | 79.43 |
| 60 | 63.37 | 93.58 |
| 70 | 60.32 | 109.9 |
| 80 | 63.51 | 126 |
| 90 | 67.79 | 141.75 |
| 100 | 83.54 | 154.69 |
| 110 | 79.38 | 170.72 |
| 120 | 83.37 | 184.8 |
| 130 | 99.96 | 195.91 |
| 140 | 130.89 | 204.84 |
| 150 | 123.94 | 220.16 |
| 160 | 152.1 | 228.05 |
| 170 | 208.51 | 230.32 |
| Users | Latency (in ms) | Requests/Second |
|---|---|---|
| 10 | 52.48 | 15.91 |
| 20 | 51.49 | 32.04 |
| 30 | 50.3 | 47.9 |
| 40 | 50.24 | 63.89 |
| 50 | 51.16 | 79.64 |
| 60 | 50.55 | 95.58 |
| 70 | 50.06 | 111.63 |
| 80 | 50.77 | 127.37 |
| 90 | 52.72 | 142.24 |
| 100 | 52.18 | 158.68 |
| 110 | 52.46 | 174.1 |
| 120 | 52.8 | 190.25 |
| 130 | 53.15 | 205.69 |
| 140 | 55.26 | 220.93 |
| 150 | 56.17 | 236.81 |
| 160 | 53.87 | 251.22 |
| 170 | 60.46 | 267.41 |
| 180 | 62.33 | 281.99 |
| 190 | 66.43 | 297.02 |
| 200 | 80.97 | 307.74 |
| 210 | 71.14 | 325.77 |
| 220 | 77.08 | 339.69 |
| 230 | 77.8 | 354.7 |
| 240 | 81.19 | 370.32 |
| 250 | 86.06 | 382.11 |
| 260 | 92.22 | 394.97 |
| 270 | 109.74 | 403.54 |
| 280 | 110.55 | 417.67 |
| 290 | 125.74 | 423.94 |
| 300 | 141.03 | 432.21 |
| 310 | 150.11 | 440.78 |
| 320 | 185.76 | 444.04 |
| 330 | 236.00 | 441.39 |
Comparison Graphs
Specification 2: Standalone vs Two-Node Cluster with Load Balancer
Physical Appliance
| Server Location | Client Location |
|---|---|
| San Jose | us-central1-a |
CipherTrust Manager Configuration
| System Volume | Memory | CPUs | NICs |
|---|---|---|---|
| 2 TB | 16 GB | 1 with 4 Cores | 1 |
Simulated the wrap requests for Google Workspace CSE on the CipherTrust Manager deployed on a physical appliance using the k6 tool. The following table shows the handled number of requests per second (RPS), with approximate latency, and the number of virtual users for different data sample for three runs.
| Users | Latency (in ms) | Requests/Second |
|---|---|---|
| 10 | 80.15 | 15.39 |
| 20 | 89.215 | 30.445 |
| 30 | 98.28 | 45.5 |
| 40 | 120.895 | 59.465 |
| 50 | 143.51 | 73.43 |
| 60 | 153.75 | 87.055 |
| 70 | 163.99 | 100.68 |
| 80 | 195.385 | 111.815 |
| 90 | 226.78 | 122.95 |
Comparison Graphs
Physical Appliance vs AWS Cloud vs Google Cloud
Recommendations
Assumption
Each user has 3 documents open and is editing them resulting in an autosave every 30 seconds, that is, 3/30=0.1 transactions per second (tps) per user.
Number of users = (throughput for around 200 ms latency)/0.1
Google Cloud
Response time compliance of around 200 ms was met for a maximum throughput of 83.95 operations per second with a standalone CipherTrust Manager k170v instance with 4 CPUs and 16 GB RAM.
The approximate number of users this configuration can handle is 840.
Response time compliance of around 200 ms was met for a maximum throughput of 131.10 operations per second with a two-node CipherTrust Manager k170v cluster (each node with 4 CPUs and 16 GB RAM) connected with a Google Cloud load balancer.
The approximate number of users this configuration can handle is 1311.
Response time compliance of around 200 ms was met for a maximum throughput of 178.97 operations per second with a standalone CipherTrust Manager k470v instance with 8 CPUs and 64 GB RAM.
The approximate number of users this configuration can handle is 1790.
Response time compliance of around 200 ms was met for a maximum throughput of 316.09 operations per second with a two-node CipherTrust Manager k470v cluster (each node with 8 CPUs and 64 GB RAM) connected with a Google Cloud load balancer.
The approximate number of users this configuration can handle is 3161.
AWS Cloud
Response time compliance of around 200 ms was met for a maximum throughput of 100.00 operations per second with a standalone CipherTrust Manager k170v instance with 4 CPUs and 16 GB RAM.
The approximate number of users this configuration can handle is 1000.
Response time compliance of around 200 ms was met for a maximum throughput of 183.81 operations per second with a two-node CipherTrust Manager k170v cluster (each node with 4 CPUs and 16 GB RAM) connected with an AWS load balancer.
The approximate number of users this configuration can handle is 1838.
Response time compliance of around 200 ms was met for a maximum throughput of 228.05 operations per second with a standalone CipherTrust Manager k470v instance with 8 CPUs and 64 GB RAM.
The approximate number of users this configuration can handle is 2281.
Response time compliance of around 200 ms was met for a maximum throughput of 444.04 operations per second with a two-node CipherTrust Manager k470v cluster (each node with 8 CPUs and 64 GB RAM) connected with an AWS load balancer.
The approximate number of users this configuration can handle is 4440.
Conclusion
The number of users and throughput almost doubles up on moving from CipherTrust Manager k170v to k470v. Moreover, adding an additional node to the cluster also doubles up the throughput. Overall, a performance gain of 400 percent is achieved by moving from a standalone CipherTrust Manager k170v to a two-node CipherTrust Manager k470v cluster.
