Powershell over SSL, performance?

This topic contains 2 replies, has 2 voices, and was last updated by  Fredrik Kacsmarck 7 months ago.

  • Author
    Posts
  • #66597

    Fredrik Kacsmarck
    Participant

    Hi all,

    Testing on my lab VM's to use SSL for Powershell remoting.
    Got it working but it seems really slow compared to the same command not using SSL.
    These are not large VM's (CPU/MEM) so I'm not sure that is the reason.
    But I was a bit suprised that the same command was 34 times slower using SSL.

    Command with SSL: 11294ms
    Command without SSL: 326ms

    Anyone using SSL for PS remoting in production and could pull some numbers?

    Used the following test:

    Measure-Command {Invoke-Command -ComputerName servername -Port 5986 -UseSSL -ScriptBlock { Write-Output "$($env:ComputerName)" }}
    

    The SSL certificate I've used is from a standalone windows CA so it's not a "self signed" certificate.

    Thanks in advance.

  • #66615

    Don Jones
    Keymaster

    I'm accustomed to seeing things run a wee bit more slowly; obviously, encrypting the traffic adds overhead on both ends, just as it does on a web server. If you're seeing a LOT of slowdown, I'd blame the machines, yes. SSL is fairly memory-intensive and can load the CPU, especially if the CPU is already running borderline. The WinRM service isn't as optimized for the task as IIS perhaps is. A 34x multiplier wouldn't shock me if you're getting CPU- or memory-bound – those things tend to exacerbate logarithmically, especially if you get really memory-bound and start paging to slow virtual disk I/O.

    You can do a Wireshark trace to see if there's an obvious point of slowdown. E.g., is it the initial SSL connection? Is it waiting for the command to run? Being able to see the distinct phases of the conversation will reveal if there are specific points where SSL is slower than non-SSL.

  • #66622

    Fredrik Kacsmarck
    Participant

    Thanks for the input Don, I'll do some more checking and see if I can identify what takes most of the time.

You must be logged in to reply to this topic.