The performance of OneSpan Authentication Server 3.27.0 has been tested with a pre-defined baseline to compare with earlier versions.
Performance test setup
Performance test scenarios
Performance data was gathered using the following methods:
An authenticator import was performed.
User records were created.
Authenticators were assigned to users.
Test timing:
Authentication performance tests were run for ten minutes for each test.
Test types:
Typical load, 20 authentications per second
Typical peak load, 100 authentications per second
Maximum capacity
Collected data:
Average authentications per second
Average response times
Response time distribution
OneSpan Authentication Server CPU usage
Database server CPU usage
Only authentications were performed. Other server commands, e.g. administration, were not measured. These typically perform faster.
Performance test hardware
OneSpan Authentication Server was installed, configured, and run on an application server in the configurations given below. The OneSpan Authentication Server service, the database, and the performance test software were run on individual, exclusive virtual machines on separate VMWare ESXi servers with the following hardware:
ProLiant DL360 G7
64 GB RAM
200 GB high performance SSD
16 GB SD
Network Switch
HP Procurve 2810-48G
Network
2 * HP NC382i Dual Port Multifunction Gigabit Svr Adapter
HP NC360TOCUe DP Gbit Adapter
Software environments
Table: Software environments used for testing lists the different software environments used for the performance tests.
| Deployment | Operating system | User/authenticator volume | Database configuration |
|---|---|---|---|
| A | CentOS 7 | 30,000 users and authenticators | Embedded MariaDB 10.2.16 |
| B | CentOS 7 | 800,000 users 1,200,000 authenticators | Oracle Database 12c |
Configuration
SOAP over SSL as communication protocol
Auditing to database
Tracing disabled
Test definition
Authenticator record import via SOAP.
User import and assign: Import via SOAP.
Authentication was performed using one-time password.
Software encryption using software security module (SSM).
Results
The following tables show the results for different test criteria.
| Action | Configuration A | Configuration B |
|---|---|---|
| Authenticator import | 00h 32m 32s | 17h 10m 38s |
| User creation | 00h 10m 05s | 05h 51m 46s |
| Authenticator assignment | 00h 25m 38s | 06h 31m 47s |
| Benchmarks | Configuration A | Configuration B |
|---|---|---|
| Avg. authentications/sec | 20 | 20 |
| Avg. response times (ms) | 31 | 41 |
| Response time distribution (%) <50ms | 99,6% | 98% |
| Response time distribution (%) <300ms | 0,4% | 2% |
| Response time distribution (%) <1000ms | 0% | 0% |
| Avg. OneSpan Authentication Server CPU load (%) | 4% | 7% |
| Avg. database CPU load (%) | 2% | 3% |
| Benchmarks | Configuration A | Configuration B |
|---|---|---|
| Avg. authentications/sec | 100 | 100 |
| Avg. response times (ms) | 40 | 59 |
| Response time distribution (%) <50ms | 98% | 21% |
| Response time distribution (%) <300ms | 2% | 79% |
| Response time distribution (%) <1000ms | 0% | 0% |
| Avg. OneSpan Authentication Server CPU load (%) | 25% | 32% |
| Avg. database CPU load (%) | 12% | 13% |
| Benchmarks | Configuration A | Configuration B |
|---|---|---|
| Avg. authentications/sec | 294 | 255 |
| Avg. response times (ms) | 131 | 116 |
| Response time distribution (%) <50ms | 2% | 0,4% |
| Response time distribution (%) <300ms | 92% | 99% |
| Response time distribution (%) <1000ms | 6% | 0,6% |
| Avg. OneSpan Authentication Server CPU load (%) | 84% | 85% |
| Avg. database CPU load (%) | 54% | 38% |
Variations
Auditing and reporting
Auditing has a performance impact on OneSpan Authentication Server. For deployments using multiple OneSpan Authentication Server instances, consider one OneSpan Authentication Server instance dedicated to auditing and other administrative tasks, or using a separate auditing database.
Tracing
Enabling tracing has a significant performance impact on OneSpan Authentication Server.