The following expected performance is based on measurements with the described hardware and configuration:
Assumed hardware/OS for IAM
- CPU: 2x 8 Cores/16 Threads at 2.1 GHz
- RAM: 32 GB
- Disk: 2x 1 TB SATA (RAID 1)
- OS: CentOS 7
- IAM Version: 7.1
Assumed configuration
- Configuration as described in NextGenPSD2 (Berlin Group) with Airlock Secure Access Hub with the following changes
- No certificate status checkers are configured:
- It is strongly recommended to use the "Caching Certificate Status Checker" plugin.
- The caching status checker keeps CRL and OCSP results in memory for a while. It will not add significant time to request processing.
- OCSP checks and fetching CRLS (in case of cache misses) may make single bank API requests slower (depending on network an OCSP/CRL server performance)
- Audit Logger logs to local Airlock IAM disk
- We strongly recommend to send request signature logs to separate log hosts (so no sensitive banking data is stored in IAM log files)
- Forwarding logs may add time to request processing. This depends on the log forwarding method, the network and the logging host performance
- Use signed JWTs for Identity Propagation
Other assumptions
- The performed tests only measured the IAM performance and did not involve Airlock Gateway (WAF).
- The performed tests are based on a very performant network connection between the client, the Airlock Gateway (WAF) and IAM.
- The performed test are based on a fast Oracle database (based on similar hardware as IAM but with an SSD).
- The tested Airlock IAM was not subject to any other load.
Expected performance
With the setup described above, the following performance may be expected:
- 1000 bank API requests per second
- 50ms latency added to each request (90% percentile)