EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Many requests at the same time

Also by EldoS: RawDisk
Access locked and protected files in Windows, read and write disks and partitions and more.
#35553
Posted: 01/14/2016 10:49:34
by Akin Aksu (Standard support level)
Joined: 03/23/2015
Posts: 1

Hi,

Basicly, we are trying to sign xml by a Web Service. This web service is hosted in IIS and it can be called simultaneously by many people, many requests. We are having our tests 5-6 requests at same time(even same seconds, miliseconds).

Firstly, we tried a new TElPKCS11CertStorage object for each request, and open a new session for every request too but we had errors.

Secondly, we tried a static TElPKCS11CertStorage object and each requests are forwarded to that object, then opened a new session it seem ok but TElPKCS11CertStorage object had a lot of sessions(have seen ~70). Even though we Close and Dispose session object, TElPKCS11CertStorage seem still had sessions(SessionCount increased dramatically).

On Third approach, we tried a static TElPKCS11CertStorage object and a static one session. Every request forwarded to them. This time sessions were ok, but under load we couldn't get TElPKCS11CertStorage's Modules. Module.SlotCount seen 0.

Apart from those approachs, when we restart our IIS Web Server, make only 1 request. Then make requests to web service, everything is ok. The problem comes out like when we restart our web server and make 5-6 request at same time, IIS keeps this requests waiting, and IIS prepares its libraries etc.(whatever it does, first request on IIS is always slow) This small interval makes requests are delivered to our code at same time, same seconds, maybe same miliseconds. At moment our Library stops working. When it's stopped even I sent only one request, still it doesn't work. I tried Close, Dispose and reOpen TElPKCS11CertStorage it doesnt work. The only way it work is resetting IIS and hoping for not having incoming requests. It's like when I Close and Dispose TElPKCS11CertStorage object, still there is something left.

Thanks for your support.
#35555
Posted: 01/14/2016 10:58:58
by Eugene Mayevski (EldoS Corp.)

The simplest option to start with is
1) create one instance of TElPKCS11CertStorage
2) open exactly one session
3) dedicate a worker thread which will handle signing requests from other threads by using TElPKCS11CertStorage . This will create a certain bottleneck, however 5-6 requests at the same time should not be a problem *given that* your PKCS11 hardware is fast. USB cryptotoken won't be able to handle such amount of work. Only industry-level systems will.

All other approaches with opening several sessions, running several instances of TElPKCS11CertStorage etc, are very much dependent on the actual hardware, and to address the problems that appear from such use we'd need to reproduce all this configuration locally and invest significant time in experiments. This is doable, but can be done only as a custom service, for a fee.


Sincerely yours
Eugene Mayevski

Reply

Statistics

Topic viewed 941 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!