Powershell over SSL, performance?

Welcome Forums General PowerShell Q&A Powershell over SSL, performance?

This topic contains 2 replies, has 2 voices, and was last updated by

 
Participant
1 year, 8 months ago.

  • Author
    Posts
  • #66597

    Participant
    Points: 151
    Helping Hand
    Rank: Participant

    Hi all,

    Testing on my lab VM's to use SSL for Powershell remoting.
    Got it working but it seems really slow compared to the same command not using SSL.
    These are not large VM's (CPU/MEM) so I'm not sure that is the reason.
    But I was a bit suprised that the same command was 34 times slower using SSL.

    Command with SSL: 11294ms
    Command without SSL: 326ms

    Anyone using SSL for PS remoting in production and could pull some numbers?

    Used the following test:

    Measure-Command {Invoke-Command -ComputerName servername -Port 5986 -UseSSL -ScriptBlock { Write-Output "$($env:ComputerName)" }}
    

    The SSL certificate I've used is from a standalone windows CA so it's not a "self signed" certificate.

    Thanks in advance.

  • #66615

    Keymaster
    Points: 1,638
    Helping HandTeam Member
    Rank: Community Hero

    I'm accustomed to seeing things run a wee bit more slowly; obviously, encrypting the traffic adds overhead on both ends, just as it does on a web server. If you're seeing a LOT of slowdown, I'd blame the machines, yes. SSL is fairly memory-intensive and can load the CPU, especially if the CPU is already running borderline. The WinRM service isn't as optimized for the task as IIS perhaps is. A 34x multiplier wouldn't shock me if you're getting CPU- or memory-bound – those things tend to exacerbate logarithmically, especially if you get really memory-bound and start paging to slow virtual disk I/O.

    You can do a Wireshark trace to see if there's an obvious point of slowdown. E.g., is it the initial SSL connection? Is it waiting for the command to run? Being able to see the distinct phases of the conversation will reveal if there are specific points where SSL is slower than non-SSL.

  • #66622

    Participant
    Points: 151
    Helping Hand
    Rank: Participant

    Thanks for the input Don, I'll do some more checking and see if I can identify what takes most of the time.

The topic ‘Powershell over SSL, performance?’ is closed to new replies.