
March 16, 2017 at 12:03 pm

Hi all,

Testing on my lab VMs to use SSL for PowerShell remoting.
Got it working but it seems really slow compared to the same command not using SSL.
These are not large VMs (CPU/MEM) so I'm not sure that is the reason.
But I was a bit surprised that the same command was 34 times slower using SSL.

Command with SSL: 11294ms
Command without SSL: 326ms

Anyone using SSL for PS remoting in production and could pull some numbers?

Used the following test:

Measure-Command {Invoke-Command -ComputerName servername -Port 5986 -UseSSL -ScriptBlock { Write-Output "$($env:ComputerName)" }}

The SSL certificate I've used is from a standalone Windows CA so it's not a "self signed" certificate.

Thanks in advance.

March 16, 2017 at 2:24 pm

I'm accustomed to seeing things run a wee bit more slowly; obviously, encrypting the traffic adds overhead on both ends, just as it does on a web server. If you're seeing a LOT of slowdown, I'd blame the machines, yes. SSL is fairly memory-intensive and can load the CPU, especially if the CPU is already running borderline. The WinRM service isn't as optimized for the task as IIS perhaps is. A 34x multiplier wouldn't shock me if you're getting CPU- or memory-bound – those things tend to exacerbate logarithmically, especially if you get really memory-bound and start paging to slow virtual disk I/O.

You can do a Wireshark trace to see if there's an obvious point of slowdown. E.g., is it the initial SSL connection? Is it waiting for the command to run? Being able to see the distinct phases of the conversation will reveal if there are specific points where SSL is slower than non-SSL.
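
To separate the phases described above without a packet capture, the following added example (not part of the original thread) times the TCP connect, the TLS handshake, the certificate chain and revocation lookup, the session setup and the command itself. `servername` and port 5986 are the thread's values; forcing TLS 1.2 and timing the revocation lookup as its own phase are assumptions of this example.

```powershell
# Added example: time each phase of a WinRM-over-HTTPS call on its own.
# 'servername' and port 5986 are the values used in the thread; adjust for your lab.
$ComputerName = 'servername'
$Port         = 5986
$timings      = [ordered]@{}
$sw           = New-Object System.Diagnostics.Stopwatch

# Phase 1: plain TCP connect (includes name resolution).
$sw.Restart()
$tcp = New-Object System.Net.Sockets.TcpClient
$tcp.Connect($ComputerName, $Port)
$timings['TCP connect'] = $sw.ElapsedMilliseconds

# Phase 2: TLS handshake only. Revocation checking is off ($false) so that
# it can be timed separately in phase 3. TLS 1.2 is an assumption.
$sw.Restart()
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
$ssl.AuthenticateAsClient($ComputerName, $null,
    [System.Security.Authentication.SslProtocols]::Tls12, $false)
$timings['TLS handshake'] = $sw.ElapsedMilliseconds

# Phase 3: chain build with online revocation lookup (CRL/OCSP fetch from the CA).
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$sw.Restart()
$chainOk = $chain.Build($cert)
$timings['Chain + revocation'] = $sw.ElapsedMilliseconds
$ssl.Dispose(); $tcp.Close()

# Phase 4: WinRM session setup over SSL (authentication, remote shell creation).
$sw.Restart()
$session = New-PSSession -ComputerName $ComputerName -Port $Port -UseSSL
$timings['New-PSSession'] = $sw.ElapsedMilliseconds

# Phase 5: the thread's command, run on the already-open session.
$sw.Restart()
$null = Invoke-Command -Session $session -ScriptBlock { Write-Output "$($env:ComputerName)" }
$timings['Invoke-Command'] = $sw.ElapsedMilliseconds
Remove-PSSession $session

# Report per-phase timings and the chain validation outcome.
$timings.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Phase = $_.Key; Milliseconds = $_.Value }
} | Format-Table -AutoSize
"Chain valid: $chainOk; status: $(($chain.ChainStatus | ForEach-Object Status) -join ', ')"
```

A large value in one phase points to where the SSL path differs from the non-SSL path; a small Invoke-Command time next to a large New-PSSession time means the cost is in connection setup, not in encrypting the command traffic.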

March 16, 2017 at 3:01 pm

Thanks for the input Don, I'll do some more checking and see if I can identify what takes most of the time.