Tuning security configurations


We can tune security to balance performance with function. You can achieve this balance following considerations for tuning general security, Common Secure Interoperability version 2 (CSIv2), LDAP authentication, Web authentication, and authorization.

Performance issues typically involve trade-offs between function and speed. Usually, the more function and the more processing that are involved, the slower the performance. Consider what type of security is necessary and what we can disable in the environment. For example, if the application servers are running in a Virtual Private Network (VPN), consider whether we can disable SSL. If we have a lot of users, can they be mapped to groups and then associated to the Java EE roles? These questions are things to consider when designing the security infrastructure.

 

 

Results

You always have a trade off between performance, feature, and security. Security typically adds more processing time to the requests, but for a good reason. Not all security features are required in the environment. When you decide to tune security, create a benchmark before making any change to ensure that the change is improving performance.

 

Next steps

In a large scale deployment, performance is very important. Running benchmark measurements with different combinations of features can help you to determine the best performance versus the benefit of configuration for your environment. Continue to run benchmarks if anything changes in the environment, to help determine the impact of these changes.


SSL performance tips
Tuning security performance

 

Related tasks


Tuning, hardening, and maintaining security configurations