Randy George


Get Ready For The Impact Of 2048-bit RSA Keys

If you've had to renew an SSL certificate for any of your critical infrastructure delivery devices recently, then you probably took notice of the need to generate and deliver at least a 2048-bit CSR to your Certificate Authority of choice. While this new standard may have little impact on you, for others the impact may be huge.

It dawned on me a few months back when the SSL cert on my Bluesocket Wireless Controller expired. I started by generating a new CSR on my Bluesocket, then logged onto GoDaddy to purchase a new cert and, lo and behold, GoDaddy wouldn't accept my 1024-bit CSR. No big deal, I thought, I'll just open the Bluesocket and generate a 2048-bit CSR. Unfortunately, I couldn't do it without a code upgrade. The key takeaway is to keep an eye out for any SSL-enabled devices in your environment that might require updates in order to support the new key length standard.

In special advisory (800-57), NIST advises that 1024-bit RSA keys will no longer be viable after 2010. The recommendation, which has been broadly adopted, is to move to 2048-bit keys, which should be viable until 2030, according to NIST. This change has prompted a number of vendors to bolster their SSL acceleration offerings. A recent Citrix Netscaler press release points out that doubling the key size from 1024-bit to 2048-bit increases CPU computational requirements by 4x to 8x. As a result, if you're managing any externally facing services, or commerce-related services that are highly SSL dependent and already have high concurrent connection counts, it makes sense to assess the performance implications of jumping to 2048-bit keys before you make the leap, if you haven't already.
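To get a feel for the CPU claim above before touching production, the following added example (not from the original article or any vendor) times the modular exponentiation at the heart of an RSA private-key operation at different key lengths. It uses only the Python standard library, and random odd moduli stand in for real keys; absolute numbers will be far slower than an optimized TLS library, so read the ratio between key sizes, not the raw rate.

```python
import secrets
import time


def random_odd(bits):
    """Random odd integer that is exactly `bits` bits long."""
    return secrets.randbits(bits) | (1 << (bits - 1)) | 1


def private_op_seconds(bits, crt=True, repeats=3, batch=10):
    """Best-of-`repeats` time for one RSA-sized private-key operation.

    Random odd moduli stand in for real keys (assumption for timing only):
    the cost of pow(c, d, n) depends on operand size, not on n's factors.
    """
    if crt:
        # CRT form used by most TLS stacks: two half-size exponentiations.
        ops = [(random_odd(bits // 2), random_odd(bits // 2)) for _ in range(2)]
    else:
        # Textbook form: one exponentiation with a full-size exponent.
        ops = [(random_odd(bits), random_odd(bits))]
    c = secrets.randbits(bits - 1)
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        for _ in range(batch):
            for d, n in ops:
                pow(c % n, d, n)
        best = min(best, (time.perf_counter() - start) / batch)
    return best


def slowdown(small_bits=1024, large_bits=2048, crt=True):
    """How many times slower the larger key's private operation is."""
    return private_op_seconds(large_bits, crt) / private_op_seconds(small_bits, crt)


def handshakes_per_second(bits, crt=True):
    """Upper bound on full RSA handshakes one core could terminate."""
    return 1.0 / private_op_seconds(bits, crt)


if __name__ == "__main__":
    for bits in (1024, 2048, 4096):
        print(f"{bits}-bit: {handshakes_per_second(bits):8.1f} private ops/s (CRT)")
    print(f"1024 -> 2048 slowdown: {slowdown():.1f}x")
    print(f"2048 -> 4096 slowdown: {slowdown(2048, 4096):.1f}x")
```

Only full handshakes pay this cost; resumed sessions skip the private-key operation, so the ratio of new to resumed sessions on a given service determines how much of the slowdown users actually see.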

Jordan Sissel from semicomplete.com recently did some interesting performance testing on the CPU and network impact of running SSL at various key lengths. His analysis offers a valuable lesson as you plan for the performance impact of 2048- and 4096-bit keys. To summarize, while offloading SSL to a hardware appliance can be valuable computationally, the network latency impact of processing a large number of SSL handshakes can often introduce the bulk of any perceived delays on the front end. There's not a whole lot you can do about latency, aside from strategically locating services and load balancing appropriately.

The upshot is that if you're moving to 2048-bit keys or higher anytime soon, make sure you assess the performance implications of that move.   

Randy George is a systems analyst and network engineer. Read other stories by him at informationweek.com/randygeorge.
