13.Cluster-based Web Servers

An SSL Back-End Forwarding Scheme in Cluster-Based Web Servers Jin-Ha Kim, Member , IEEE , Gyu Sang Choi, Member , IEEE , and Chita R. Das, Fellow , IEEE Abstract —State-of-the-art cluster-based data centers consisting of three tiers (Web server, application server, and database server) are being used to host complex Web services such as e-commerce applicatio ns. The application server handles dynamic and sensitive Web contents that need protection from eavesdropping, tampering, and forgery. Although the Secure Sockets Layer (SSL) is the most popular protocol to prov ide a secu re chan nel between a clie nt and a clus ter- bas ed netw ork serv er, its highoverheaddegrades the serv er performance considerably and, thus, affects the server scalability. Therefore, improving the performance of SSL-enabled network servers is critical for designing scalable and high-performance data centers. In this paper, we examine the impact of SSL offering and SSL-session-aware distribution in cluster-based network servers. We propose a back-end forwarding scheme, called ssl_with_bf , that employs a low-overhead user-level communicat ion mechanism like Virtual Interface Archite cture (VIA) to achieve a good load balance amon g serv er node s. We comp are thre e dist ribution models for network servers,Roun d Robin (RR) , ssl_with_session , and ssl_with_bf , through simulation. The experimental results with 16-node and 32-node cluster configurations show that, although the session reuse of ssl_with_session is critical to improve the performance of application servers, the proposed back-end forwarding scheme can further enhance the performance due to better load balancing. The ssl_with_bf scheme can minimize the average latency by about 40 percent and improve throughput across a variety of workloads. Index Terms—Secure Sockets Layer, cluster, Web servers, application server layer, load distribution, user-level communication. Ç 1 INTRODUCTION D UE to the growin g popular ity of the Inter net , dat a center s/network ser ver s are ant icip ated to be the bottleneck in hosting network-based services, even though the network bandwidth continues to increase faster than the ser ver capaci ty [22 ]. It has bee n obs erved tha t net wor k serve rs con tr ibute to appr oxi mately 40 perce nt of the ove ral l del ay, and thi s del ay is likely to gro w wit h the incre asing use of dynamic Web contents [22]. For Web-based applications, a poor response time has significant financial implications [20]. For example, E-Biz [36] reported about $1.9 billion loss in revenue in 1998 due to the long response time resulting from the Secure Sockets La yer (SS L) [35] , which is commonly used for secur e communica tion bet wee n cli ent s and Web servers. Eve n tho ugh SSL is the de fac to sta nda rd for trans port layer securi ty, its hig h overhe ad and poor scalabilit y are two major problems in desig ning secure large -scale network servers. Deployment of SSL can decrease a server’s capacity by up to two orders of magnitude [2]. In additi on, the ove rhead of SSL becomes eve n mor e severe in application servers. Application servers provide dynamic contents and the contents require secure mechan- isms for pro tec tion. Gen era ting dyn amic con ten t takes about 100 to 1,000 times longer than simply reading static con ten t [20 ]. Moreover, sin ce stat ic cont ent is seldo m updated, it can be easily cached. Several efficient caching algorithms [32], [11] have been proposed to reduce latency and increase throughput of front-end Web services. How- ever, bec ause dyn ami c conten t is gen era ted dur ing the execution of a program, caching dynamic content is not an efficient option like caching static content. Rec ent ly, a multit ude of net wor k ser vic es have been designed and evaluated using cluster platforms [26], [25]. Specifically, the design of distributed Web servers has been a maj or res ear ch thr ust to improve the throu ghput and response time [9], [32], [24]. PRESS [12] is the first Web server model that exploits user-level communication in a cluster-based Web serve r. Our pre vious work in [23 ] reduces the response time in a cluster-based Web server using coscheduling schemes. In this paper, first , we invest iga te the impac t of SSL offe ring in clus ter -bas ed networ k ser ver s, focusing on application servers, which mainly provide dynamic content. Second, we show the possible performance improvement when the SSL-session reuse scheme is utilized in cluster- ba sed ser ver s. The SSL- ses sion reu se sch eme has bee n tested on a single Web server node in [7] and extended to a cluster system that consisted of three Web servers in [6]. In this paper, we explore the SSL-session reuse scheme using 16-node and 32-node cluster systems with various levels of wor kload. Thi rd, we propose a back-end for war ding mechanism by exploi ting the low-overhead user -leve l 946 IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 18, NO. 7, JULY 2007 . J.- H. Kim is wit h the Re sea rch and Develo pme nt Cen ter , Sam sun g Networks, 8-11F, ASEM Tower, World Trade Center, 159-1, Samsung- Dong, Kangnam-Ku, Seoul, Korea 135-798. E-mail: peanut.kim @samsung.co m. . G.S. Choi is with the Samsung Advanced Institute of Technology (SAIT), Samsung Electronics, Mt. 14-1, Nong-seo-Dong, Giheung-Gu, Yongin-Si, Gyeonggi- Do, Korea 446-712. E-mail: gsc121.cho [email protected] m. . C.R. Das is with the Department of Computer Science and Engineering, Pennsylvania State University, 354F IST Building, University Park, PA 16802. E-mail: [email protected]. Manuscript received 4 Apr. 2006; revised 31 July 2006; accepted 10 Aug. 2006; published online 9 Jan. 2007. Recommended for acceptance by R. Iyer. For information on obtaining reprints of this article, please send e-mail to: [email protected], and reference IEEECS Log Number TPDS-0081-0406. Digital Object Identifier no. 10.1109/TPDS.2007.1062. 1045-9219/07/$25.00 ß 2007 IEEE Publ ished b y th e IEEE Computer Soci ety

Documents

13.Cluster-based Web Servers