Performance considerations on load and configuration

With modern hardware, the Airlock Gateway is capable of answering several thousand HTTP requests per second. However, the actual performance depends heavily on the protected applications and the activated Airlock Gateway functions.

  • Airlock Anomaly Shield enabled.
  • URL encryption and content rewriting can easily double the CPU load.
  • Long-running requests, WebSockets and NTLM-passthrough connections reduces the number of requests that can be handled with the same hardware.

Assumptions for performance numbers

Performance numbers are based on a number of assumptions.

  • The most important are:
  • The average application response time is 200 ms.
  • 10 HTTP requests per minute and user on average.
  • Complex Airlock Gateway features are enabled, e.g., HTML Rewriting, General Response Rewriting, Deny Rules.

Also, a large number of mappings can be a limiting factor, even though is not technically limited by the Airlock Gateway Configuration Center.

  • Airlock Gateway has been tested with up to:
  • 1000 mappings
  • 300 virtual hosts
  • 300 back-end groups
  • We recommend not to exceed these limits to avoid slow response time and memory issues in the Configuration Center or the Security Gate process.

The average system load should be low to medium. Increase hardware or set up an additional Airlock Gateway before slow reactions, timeouts, or instabilities can occur.

  • When dealing with a large number of mappings:
  • Use Dynamic back-end group selection to reduce the complexity of your configuration and to significantly reduce the number of mappings in the Airlock Gateway Configuration Center.
  • If java.lang.OutOfMemoryError occur in the Configuration Center or the Airlock Gateway Management Agent due to large configurations:
  • Increase the Java Heap Space.