12.6.2.5.1. Scaling example

The following expected performance is based on measurements with the described hardware and configuration:

Assumed hardware/OS for IAM

  • CPU: 2x 8 Cores/16 Threads at 2.1 GHz
  • RAM: 32 GB
  • Disk: 2x 1 TB SATA (RAID 1)
  • OS: CentOS 7
  • IAM Version: 7.1

Assumed configuration

  • Configuration as described in 12.6.2. NextGenPSD2 (Berlin Group) with Airlock Secure Access Hub with the following changes
  • No certificate status checkers are configured: 
    • It is strongly recommended to use the "Caching Certificate Status Checker" plugin.
    • The caching status checker keeps CRL and OCSP results in memory for a while. It will not add significant time to request processing.
    • OCSP checks and fetching CRLS (in case of cache misses) may make single bank API requests slower (depending on network an OCSP/CRL server performance)
  • Audit Logger logs to local Airlock IAM disk
    • We strongly recommend to send request signature logs to separate log hosts (so no sensitive banking data is stored in IAM log files)
    • Forwarding logs may add time to request processing. This depends on the log forwarding method, the network and the logging host performance
  • Use signed JWTs for Identity Propagation

Other assumptions

  • The performed tests only measured the IAM performance and did not involve Airlock Gateway (WAF).
  • The performed tests are based on a very performant network connection between the client, the Airlock Gateway (WAF) and IAM.
  • The performed test are based on a fast Oracle database (based on similar hardware as IAM but with an SSD).
  • The tested Airlock IAM was not subject to any other load.

Expected performance

With the setup described above, the following performance may be expected:

  • 1000 bank API requests per second
  • 50ms latency added to each request (90% percentile)