Gary Flynn <[EMAIL PROTECTED]> writes:

> I'd be interested in hearing about others' experiences on
> the impact of stunnel or SASL on server resources. Any
> thoughts on the relative merits of either architecture
> of providing SSL sessions would also be appreciated. We'll
> need to protect both the IMAP and IMSP sessions.
>
> Some background:
>
> 1) We're running an older version of Cyrus and, for a variety
> of reasons, are hesitant about upgrading to the 2.x version
> at this point in time if we can implement SSL sessions robustly
> without doing the upgrade.
>
> 2) We have about 4000 simultaneous users at peak times. Two years
> ago, we saw peak authentication request rates of 18/second. It's
> likely higher now.
>
> 3) We've had CPU utilization issues in the past attributed to
> authentication overhead on HPUX. Hardware is an HP V2250 running
> hpux 11 with 4 CPUs and 6GB of memory.

I believe TLS would eat a non-negligible amount of CPU for your setup. I would split your users to multiple servers to start with. Or use front ends which are the TLS endpoint and proxy the session to the right server; then the mail server doesn't need to do TLS as well.