Abstract—State-of-the-art cluster-based data centers consisting of three tiers (Web server, application server, and database server)
are being used to host complex Web services such as e-commerce applications. The application server handles dynamic and sensitive
Web contents that need protection from eavesdropping, tampering, and forgery. Although the Secure Sockets Layer (SSL) is the most
popular protocol to provide a secure channel between a client and a cluster-based network server, its high overhead degrades the server
performance considerably and, thus, affects the server scalability. Therefore, improving the performance of SSL-enabled network
servers is critical for designing scalable and high-performance data centers. In this paper, we examine the impact of SSL offering and
SSL-session-aware distribution in cluster-based network servers. We propose a back-end forwarding scheme, called ssl_with_bf, that
employs a low-overhead user-level communication mechanism like Virtual Interface Architecture (VIA) to achieve a good load balance
among server nodes. We compare three distribution models for network servers, Round Robin (RR), ssl_with_session, and ssl_with_bf,
through simulation. The experimental results with 16-node and 32-node cluster configurations show that, although the session reuse of
ssl_with_session is critical to improve the performance of application servers, the proposed back-end forwarding scheme can further
enhance the performance due to better load balancing. The ssl_with_bf scheme can minimize the average latency by about 40 percent
and improve throughput across a variety of workloads.
Index Terms—Secure Sockets Layer, cluster, Web servers, application server layer, load distribution, user-level communication.
1 INTRODUCTION
communication to enhance the SSL-enabled network server performance.

To this end, we compare three distribution models in clusters: Round Robin (RR), ssl_with_session, and ssl_with_bf (backend_forwarding). The RR model, widely used in Web clusters, distributes requests from clients to servers using the RR scheme. ssl_with_session uses a more sophisticated distribution algorithm in which subsequent requests of the same client are forwarded to the same server, avoiding expensive SSL setup costs. The proposed ssl_with_bf uses the same distribution policy as ssl_with_session, but includes an intelligent load balancing scheme that forwards client requests from a heavily loaded back-end node to a lightly loaded node to improve the utilization across all nodes. This policy uses the underlying user-level communication for fast communication.

Extensive performance analyses with various workload and system configurations are summarized as follows: First, schemes with reusable sessions, deployed in the ssl_with_session and ssl_with_bf models, are essential to minimize the SSL overhead. Second, the average latency can be reduced by 40 percent with the proposed ssl_with_bf model compared to the ssl_with_session model, resulting in improved throughput. Third, the proposed scheme provides high utilization and better load balance across all nodes.

The rest of this paper is organized as follows: In Section 2, a brief overview of cluster-based network servers, user-level communication, and SSL is provided. Section 3 outlines three distribution models, including our proposed SSL back-end forwarding scheme, and Section 4 presents the simulation platform. The performance results are analyzed in Section 5, followed by the related work in Section 6 and the concluding remarks in Section 7.

2 BACKGROUND

In this section, we summarize a generic architecture of a cluster-based data center and the Virtual Interface Architecture (VIA) for user-level communication, and detail the SSL protocol and the performance impact of SSL on the Apache server.

2.1 Cluster-Based Data Centers

Fig. 1 depicts the typical architecture of a cluster-based data center or network server consisting of three layers: front-end Web server, mid-level application server, and back-end database server. A Web server layer in a data center is a Web system architecture that consists of multiple server nodes interconnected through a System Area Network (SAN). The Web server presents the clients a single system view through a front-end Web switch, which distributes the requests among the nodes. A request from a client goes through the Web switch to initiate a connection between the client and the Web server. When a request arrives, the Web switch distributes it to one of the servers using either a content-aware (Layer-7) or a content-oblivious (Layer-4) distribution [11]. The front-end Web server provides static or simple dynamic services. The Web resources provided by the first tier are usually open to the public and, thus, do not require authentication or data encryption. Hence, the average latency of client requests in this layer is usually shorter than in the application servers.

The mid-tier, called the application server, is located between the Web servers and the back-end database. The application server has a separate load balancer and a security infrastructure such as a firewall, and should be equipped with support for databases, transaction management, communication, legacy data, and other functionalities [37]. After receiving a client's request, an application server parses and converts it to a query. Then, it sends the generated query to a database and gets back the response from the database. Finally, it converts the response into an HTML-based document and sends it back to the client. The application server provides important functionalities for online business such as online billing, banking, and inventory management. Therefore, the majority of the content here is generated dynamically and requires an adequate security mechanism.

The back-end database layer houses the most confidential and secure data. The main communication overhead of a database layer is the frequent disk access through the Storage Area Network [38].
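As a concrete illustration, the three distribution policies introduced above (RR, ssl_with_session, and ssl_with_bf) can be sketched as follows. This is a simplified sketch only: the class layout, the load metric (outstanding requests per node), and the forwarding threshold are illustrative assumptions, not the paper's implementation.

```python
# Illustrative sketch of the three request-distribution policies compared in
# this paper. The load metric and the forwarding threshold are assumptions
# for illustration only.

class Cluster:
    def __init__(self, num_nodes):
        self.num_nodes = num_nodes
        self.load = [0] * num_nodes   # outstanding requests per node (assumed metric)
        self.rr_next = 0
        self.session_node = {}        # client_id -> node caching its SSL session

    def dispatch_rr(self):
        """RR: rotate over nodes; a client's next request usually lands on a
        node without its SSL session, forcing a full (expensive) handshake."""
        node = self.rr_next
        self.rr_next = (self.rr_next + 1) % self.num_nodes
        return node

    def dispatch_ssl_with_session(self, client_id):
        """ssl_with_session: send a client back to the node that cached its
        SSL session, so only the cheap session-reuse handshake is needed."""
        if client_id not in self.session_node:
            self.session_node[client_id] = self.dispatch_rr()
        return self.session_node[client_id]

    def dispatch_ssl_with_bf(self, client_id, threshold=4):
        """ssl_with_bf: same sticky policy, but a heavily loaded session node
        hands the request over the low-overhead user-level network (VIA in
        the paper) to the most lightly loaded node."""
        node = self.dispatch_ssl_with_session(client_id)
        if self.load[node] >= threshold:
            node = min(range(self.num_nodes), key=lambda n: self.load[n])
        return node
```

Note how ssl_with_bf preserves the session affinity needed to avoid a full SSL handshake and only relocates the request processing itself, which is why it can balance load without paying the asymmetric-key setup cost again.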
948 IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 18, NO. 7, JULY 2007
TABLE 1
The Cost of Cryptographic Algorithms
TABLE 2
Timing Parameters
TABLE 3
Distribution Models Used in Simulation
uniprocessor with a 1-Gbyte memory. Using this cluster, we measured the latency values with the various file sizes. Then, we obtained the above equations as a function of the message size (S) using the interpolation method. HTTP_protocol_overhead and HTTP_processing_overhead are the CPU times for the interprocess communication and request preprocessing such as path translation, respectively. We assume that the dynamic content is generated by FastCGI. The average dynamic content generation rate of FastCGI, studied in [20], is 2,250 Kbytes per second. We assume that 80 percent of the requests are dynamic and are directed to the application servers. The remaining 20 percent are serviced by the Web servers.

Based on the client behaviors studied in [31] and [18], we assume that the number of client requests per session ranges from 1 to 100. The SSL parameters used in the simulation are shown in Table 1.

4.2 Distribution Models

Table 3 shows the distribution models used for generating the Web files and incoming request intervals. Since many studies have supported that the characteristics of a Web server follow the long-tail distribution [17], [33], we use the Pareto distribution to model the Web file size and the incoming request intervals. Since the Pareto distribution does not fit well to model small files, the Lognormal distribution model is also used [5]. The Lognormal distribution models smaller Web files (≤ 10 Kbytes), whereas the Pareto distribution captures larger files (> 10 Kbytes). In the model, p represents the maximum size of the Web files, k0 is the minimum file size, and α is the Pareto shape parameter. Since the size of the dynamic requests is unpredictable, we limit the value of p to 20,000 Kbytes for our simulation. The interarrival time of the requests is also modeled by the Pareto distribution [13], where k in the interarrival time distribution represents the minimum arrival interval of the clients. In our simulation, k is varied to reflect the load of the Web cluster.

4.3 Simulator Validation

The simulator validation consists of two parts: accuracy of the intracluster communication model and the SSL-enabled Web server parameters. First, we validate the communication model of the simulator by measuring the round-trip time in the 16-node Linux cluster. Fig. 5 shows the latency numbers obtained from the simulator and from measurements. To measure the round-trip latency, we used a ping-pong application that exchanges a fixed size of data between two nodes. A ping-pong program captures the network latency accurately with minimal system overhead.

Fig. 5. Round-trip latency comparison. (a) VIA nonblocking mode. (b) VIA blocking mode.

In addition, we vary the number of ping-pong processes from one to four. In Fig. 5, we show two latency results since VIA supports two communication modes: nonblocking and blocking. In both figures, the results from the simulator match well with those from the real experiments. These experiments validate the accuracy of the underlying communication mechanism.

Second, to test the timing parameters used for modeling an SSL-enabled Web server, we compare the throughputs of the simulator and a single Apache Web server, which is configured to provide secure connections. We used the Clarknet trace as the workload for the simulator and the Apache Web server. The least recently used (LRU) cache replacement policy is employed in the simulator. Fig. 6 plots the throughput as a function of the number of clients. The throughput increases until the number of clients is 10, and after that, it enters the stable region. Fig. 6 shows that the throughputs of the simulator and Apache server are very close. The Clarknet workload is observed, showing that the distribution of transfer sizes closely follows the heavy-tailed
distribution [19], [8]. Thus, Fig. 6 shows that the file size
distribution models used in this paper are also validated
through this experiment. With the validated simulator, we
next conduct a detailed performance evaluation. All our
simulation results are collected with a 90 percent confidence
interval.
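The workload model of Section 4.2 can be sketched as follows: Lognormal sizes for small Web files, Pareto sizes for large files capped at p, and Pareto interarrival times whose minimum value k controls the offered load. The Pareto form P(x) = αk^α/x^(α+1) with mean αk/(α − 1) for α > 1 follows the text, but the concrete shape values and Lognormal parameters below are illustrative placeholders, not the paper's calibrated settings.

```python
import random

# Sketch of the hybrid workload model: Lognormal for small Web files
# (<= 10 Kbytes), truncated Pareto for large files (> 10 Kbytes, capped at
# p = 20,000 Kbytes), and Pareto interarrival times. Shape and Lognormal
# parameters are illustrative assumptions.

def pareto_sample(k, alpha):
    """Inverse-CDF draw from P(x) = alpha * k**alpha / x**(alpha + 1), x >= k."""
    u = 1.0 - random.random()          # uniform in (0, 1], avoids division by zero
    return k / (u ** (1.0 / alpha))

def file_size_kb(p=20000.0, k0=10.0, alpha=1.2, small_ratio=0.5):
    """Hybrid file-size model: Lognormal below k0 Kbytes, truncated Pareto above."""
    if random.random() < small_ratio:
        return min(random.lognormvariate(1.5, 0.8), k0)   # small files
    return min(pareto_sample(k0, alpha), p)               # heavy tail, capped at p

def interarrival(k, alpha=1.5):
    """Pareto interarrival time; a smaller k shortens the mean interval
    alpha * k / (alpha - 1) and thus increases the load on the cluster."""
    return pareto_sample(k, alpha)
```

Decreasing k in `interarrival` is exactly the knob the experiments in Section 5 turn to raise the offered load.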
5 PERFORMANCE ANALYSIS

In this paper, we consider two performance metrics: latency and throughput. Latency is the time between the arrival of a request at a server and the completion of the request. Throughput is the number of requests completed per second.

The latency and throughput results of the three models (RR, ssl_with_session, and ssl_with_bf) in a 16-node application server are plotted in Fig. 7. The results are measured as the k value decreases from 26 to 18, where k is the parameter of the Pareto distribution for the incoming request interval, P(x) = αk^α/x^(α+1). When k decreases, the request interval becomes shorter and, consequently, the load on the servers increases.

Fig. 7. Average latency and throughput of a 16-node application server. (a) Latency. (b) Throughput.

Fig. 7a shows the average request latency with the RR, ssl_with_session, and ssl_with_bf models. We can observe that RR shows the worst performance since subsequent requests from a client are not likely to be forwarded to the same server that caches the previous session information of the client. Thus, CPU cycles are wasted to reauthenticate and negotiate keys between a client and a server. The results of RR show that the SSL setup procedure is the main bottleneck in application servers. Therefore, this experiment indicates that, in a cluster-based Web server that provides SSL connections, good performance cannot be obtained with a distribution policy that considers only the cache locality or resource utilization. User locality for the reuse of the session information is the critical factor to improve performance. Fig. 7a also shows that the proposed ssl_with_bf scheme has much lower latency than ssl_with_session. Although the difference is not clear in the figure, because the latency of the RR distributor is too high compared to the other two models, the latency of ssl_with_bf is about 50 percent less than that of ssl_with_session. Fig. 7b plots the throughput results of the three models. Like the latency result, the throughput of RR is much lower compared to the ssl_with_bf and ssl_with_session models. The ssl_with_bf model also yields a better throughput compared to ssl_with_session as the load increases. Since Fig. 7 obviously shows that RR cannot yield good performance, we omit the RR results in the forwarding discussion.

Fig. 8 shows the latency and throughput results in a 32-node application server. The tendency of these results is very similar to the results of the 16-node cluster. The average latency of ssl_with_bf reduces by about 40 percent and the throughput of ssl_with_bf increases up to 10 percent compared to ssl_with_session in a 32-node cluster environment.

In both results, the range of k values is chosen such that the average utilization of the servers lies between 50 percent and 85 percent. When the servers in the cluster are less loaded than this, the ssl_with_bf scheme does not help since the CPU of each server has enough computation power to process all the requests. Beyond this point, because all of the servers are overloaded, the load balancing mechanism of the ssl_with_bf scheme is not effective.

Next, to further analyze these latency results, the normalized breakdown of the CPU time in a server is presented in Fig. 9. The total measured time is the duration in which the Web cluster completes 100,000 requests. The CPU time is divided into four categories:

1. asymmetric key operation time,
2. symmetric key and hash operation time,
3. the time the CPU needs for servicing static and dynamic jobs, such as memory access time and TCP/Internet Protocol (IP) connection time, and
4. idle time.

The RR scheme spends over 90 percent of the CPU time on the asymmetric key operation. Even the ssl_with_bf and ssl_with_session models spend the largest portion of the
KIM ET AL.: AN SSL BACK-END FORWARDING SCHEME IN CLUSTER-BASED WEB SERVERS 953
TABLE 4
Normalized Utilization and Standard Deviation of
ssl_with_session to That of ssl_with_bf
Fig. 10. Impact of the session period on performance (Node = 32). (a) Latency. (b) Throughput.
Fig. 11. Latency and throughput variation with file size (N = 32, k = 20). (a) Latency. (b) Throughput.
ave to 2×ave, and at the 2×ave point, the latency of ssl_with_bf is 90 percent of the ssl_with_session latency. The ssl_with_bf latency drops until the period is 4×ave and slightly decreases until the 8×ave point. At this point, the latency of ssl_with_bf is about 45 percent of the ssl_with_session latency.

With the lower load (k = 14), the performance results of the two models are much better than those of k = 12, and the latency drops until the 4×ave point. The throughput results of ssl_with_session and ssl_with_bf in Fig. 10b show a similar tendency as the latency results. The ssl_with_bf model yields a better throughput than the ssl_with_session model over the observation window. The results in Fig. 10 indicate that the session period should be at least 4×ave to reap the benefits of session reuse.

Next, we plot the effect of the average file size on the two models in a 32-node application server in Fig. 11. The average latency of both models increases and the throughputs decrease when the average file size increases. However, the performance of the ssl_with_session model degrades more rapidly than that of the ssl_with_bf model because, when the file size becomes large, the load imbalance among the servers in the cluster increases.

The ssl_with_bf model alleviates the load imbalance using the back-end forwarding algorithm, whereas, in the ssl_with_session model, when a node has an outstanding request that requires generating a large dynamic content, subsequent requests suffer from a large waiting time. Therefore, the latency difference increases as the file size becomes larger. The throughput of the two models also decreases with a larger file size, but the throughput of ssl_with_bf remains relatively constant until the average file size becomes 45 Kbytes, compared to the ssl_with_session model.

In the next experiment, we consider the clients' access behavior. Mitzenmacher [27] analyzed the clients' behavior, which indicates that most of the clients access Web servers with low access rates, whereas a few clients show aggressive accesses to the Web servers. Therefore, we divided the clients into two groups: busy clients and normal clients. The busy clients generate frequent requests to the servers, whereas the normal clients access the Web resource less frequently. In our experiment, 10 percent of the requests are from busy clients and 90 percent are from normal clients. The interval times of requests in the two scenarios are adjusted to have the same average interval (the expected value for the Pareto distribution, αk/(α − 1)).

In Fig. 12, we compared four models: ssl_with_bf, mixed_ssl_with_bf, ssl_with_session, and mixed_ssl_with_session. ssl_with_bf and ssl_with_session are the same models used in the previous experiments, and mixed_ssl_with_bf and mixed_ssl_with_session are the results with busy and normal clients. Fig. 12 shows very interesting results. The latency of mixed_ssl_with_session slightly increases, whereas mixed_ssl_with_bf shows latency reduced by up to 40 percent compared to the results with homogeneous clients.

The reason why the mixed_ssl_with_bf model shows a better latency is that the busy clients have more requests per session and, thus, the application server can service more requests with fewer asymmetric key operations. Since the asymmetric key negotiation phase is the major performance bottleneck, mixed_ssl_with_bf can yield a better performance than ssl_with_bf. mixed_ssl_with_session also has the same advantage; however, the high skewness due to the busy clients increases the imbalance among the nodes, which offsets this advantage.
Throughout this paper, we assume that 80 percent of the requests are dynamic and are directed to the application servers. The remaining 20 percent are serviced by the Web servers. Fig. 13 shows the throughput and latency results in a 32-node cluster when the percentage of dynamic requests becomes 90 percent. Fig. 13 shows a similar tendency with Fig. 8. However, the latency and throughput of both models become worse because the increased dynamic requests require additional CPU computation time.

Fig. 13. Latency and throughput when the ratio of the dynamic requests increases. (a) Latency (ms). (b) Throughput.

Fig. 14 shows the throughput results when the interval of the distributor for gathering load information of the servers varies (300 ms, 600 ms, 1,000 ms, and 2,000 ms) in a 32-node cluster. As expected, the throughput degrades as the period of the distributor becomes larger.

Fig. 14. Throughput of ssl_with_bf as a function of the distributor period.

6 RELATED WORK

In this section, we summarize the prior studies related to this work. In a single Web server environment, the cost of the SSL layer was studied by Apostolopoulos et al. [7] using the Netscape Enterprise Server and the Apache Web server, and it was shown that session reuse is critical for improving the performance of Web servers. This study was extended to a cluster system that was composed of three Web server nodes [6]. The paper described the architecture of the L5 system and presented two application experiments: routing HTTP sessions based on Uniform Resource Locators (URLs) and session-aware dispatching of SSL connections. The SSL-session reuse scheme is also investigated in [21], which presented a session-based adaptive overload control mechanism based on SSL connection differentiation and admission control. Guitart et al. [21] proposed a possible extension of the Java Secure Socket Extension (JSSE) API to allow the differentiation of resumed SSL connections from new SSL connections.

Recent studies on data centers have focused on cluster-based Web servers [9], [12], [23], and the following works are related to our research. Aron et al. [9] have proposed a back-end request forwarding scheme in cluster-based Web servers for supporting HTTP/1.1 persistent connections. The client requests are directed by a content-blind Web switch to a Web server in the cluster by a simple distribution scheme such as the RR Domain Name System (DNS). The first node that receives the request is called the initial node. The initial node parses the request and determines whether to service it locally or forward it to another node based on the cache and load balance information. The forwarded request is sent back to the initial node for responding to the client. However, this
study does not consider the impact of user-level communication and SSL-enabled application servers.

The first effort that analyzed the impact of user-level communication on distributed Web servers is the PRESS model [12]. The clients in the PRESS model communicate with the cluster using TCP over Fast Ethernet, whereas the intracluster communication uses VIA over a connectionless local area network (cLAN) [12]. It was shown that the server throughput can improve up to 30 percent by deploying VIA. Our previous work in [23] shows that, in addition to taking advantage of a user-level communication scheme, coscheduling of the communicating processes reduces the average response time by an additional 25 percent. Due to the low cost of the intracluster communication, reading a file from a remote cache turns out to be faster than reading the file from the local disk. Implementation on an 8-node cluster showed that PRESS can improve the server throughput by about 29 percent compared to the TCP/IP model. Zhou et al. [38] have deployed VIA between a database server and the storage subsystem. They implemented an interface, called Direct Storage Access (DSA), to support the Microsoft SQL Server's use of VI. However, none of these studies has investigated application server performance with SSL offering.

Amza et al. [4] have explored the characteristics of several Web sites, including auction, online bookstore, and bulletin board sites, using synthetic benchmarks. In their study, the online bookstore benchmark reveals that the CPU in the database server is the bottleneck, whereas the auction and bulletin board sites show that the CPU in the Web server is the bottleneck. Cecchet et al. [14] examined the performance and scalability issues in Enterprise JavaBeans (EJB) applications. They modeled an online auction site like eBay and experimented on it with several EJB implementations. Their test shows that the CPU on the EJB application server is the performance obstacle. In addition, the network is also saturated for some services.

The design of InfiniBand data centers is studied in [10]. It compares the performance between the Sockets Direct Protocol (SDP) and a native sockets implementation over InfiniBand (IPoIB). This paper only uses user-level communication in a data center, without any intelligent distribution algorithm or architectural support for secure transactions.

7 CONCLUSIONS

In this paper, we investigated the performance implications of the SSL protocol for providing a secure service in a cluster-based application server and proposed a back-end forwarding scheme for improving server performance through a better load balance. The proposed ssl_with_bf scheme exploits the underlying user-level communication in order to minimize the intracluster communication overhead. We compared three application server models, RR, ssl_with_session, and ssl_with_bf, through simulation. The simulation model captures the VIA communication characteristics and the application server design in sufficient detail and uses realistic numbers for SSL encryption overheads obtained from measurements.

Simulation with 16-node and 32-node cluster configurations with a variety of workloads provides the following conclusions: First, schemes with reusable sessions, deployed in the ssl_with_session and ssl_with_bf models, are essential for minimizing the SSL overhead. Second, the average latency can be reduced by about 40 percent with the ssl_with_bf model compared to the ssl_with_session model, resulting in improved throughput. Third, ssl_with_bf yields a better performance with the mixed clients, whereas the performance of the ssl_with_session model is degraded due to the increasing skewness. Finally, ssl_with_bf is more robust than ssl_with_session in handling variable file sizes. All of these results indicate that the proposed back-end forwarding scheme is a viable mechanism for improving the performance of secure cluster-based network servers.

ACKNOWLEDGMENTS

This research was supported in part by US National Science Foundation (NSF) Grants EIA-0202007, CCF-0429631, and CNS-0509251.

REFERENCES

[1] "SSLeay Description and Source," http://www2.psy.uq.edu.au/ftp/Crypto/, 2007.
[2] S. Abbott, "On the Performance of SSL and an Evolution to Cryptographic Coprocessors," Proc. RSA Conf., Jan. 1997.
[3] C. Allen and T. Dierks, The TLS Protocol Version 1.0, IETF Internet draft, work in progress, Nov. 1997.
[4] C. Amza, A. Chanda, A.L. Cox, S. Elnikety, R. Gil, E. Cecchet, J. Marguerite, K. Rajamani, and W. Zwaenepoel, "Specification and Implementation of Dynamic Web Site Benchmarks," Proc. IEEE Fifth Ann. Workshop Workload Characterization (WWC-5), Nov. 2002.
[5] M. Andreolini, E. Casalicchio, M. Colajanni, and M. Mambelli, "A Cluster-Based Web System Providing Differentiated and Guaranteed Services," Cluster Computing, vol. 7, no. 1, pp. 7-19, 2004.
[6] G. Apostolopoulos, D. Aubespin, V. Peris, P. Pradhan, and D. Saha, "Design, Implementation and Performance of a Content-Based Switch," Proc. INFOCOM, 2000.
[7] G. Apostolopoulos, V. Peris, and D. Saha, "Transport Layer Security: How Much Does It Really Cost?" Proc. INFOCOM, 1999.
[8] M.F. Arlitt and C.L. Williamson, "Internet Web Servers: Workload Characterization and Performance Implications," IEEE/ACM Trans. Networking, vol. 5, Oct. 1997.
[9] M. Aron, P. Druschel, and W. Zwaenepoel, "Efficient Support for P-HTTP in Cluster-Based Web Servers," Proc. Usenix Ann. Technical Conf., pp. 185-198, June 1999.
[10] P. Balaji, S. Narravula, K. Vaidyanathan, S. Krishnamoorthy, J. Wu, and D.K. Panda, "Sockets Direct Protocol over InfiniBand in Clusters: Is It Beneficial?" Proc. IEEE Int'l Symp. Performance Analysis of Systems and Software (ISPASS '04), Mar. 2004.
[11] V. Cardellini, E. Casalicchio, M. Colajanni, and P.S. Yu, "The State of the Art in Locally Distributed Web-Server Systems," ACM Computing Surveys, vol. 34, no. 2, pp. 263-311, 2002.
[12] E.V. Carrera, S. Rao, L. Iftode, and R. Bianchini, "User-Level Communication in Cluster-Based Servers," Proc. Eighth Int'l Symp. High-Performance Computer Architecture (HPCA '02), pp. 248-259, 2002.
[13] E. Casalicchio and M. Colajanni, "A Client-Aware Dispatching Algorithm for Web Clusters Providing Multiple Services," Proc. 10th Int'l World Wide Web Conf., pp. 535-544, May 2001.
[14] E. Cecchet, J. Marguerite, and W. Zwaenepoel, "Performance and Scalability of EJB Applications," Proc. 17th ACM SIGPLAN Conf. Object-Oriented Programming, Systems, Languages, and Applications, pp. 246-261, 2002.
[15] M. Colajanni, P.S. Yu, and D.M. Dias, "Analysis of Task Assignment Policies in Scalable Distributed Web-Server Systems," IEEE Trans. Parallel and Distributed Systems, vol. 9, no. 6, pp. 585-600, June 1998.
[16] Compaq Computer Corp., Intel Corp., and Microsoft Corp., Virtual Interface Architecture Specification, Version 1.0, http://www.vidf.org, Dec. 1997.
[17] M. Crovella and P. Barford, "Self-Similarity in the World Wide Web Traffic: Evidence and Possible Cause," Proc. ACM Int'l Conf. Measurement and Modeling of Computer Systems (SIGMETRICS '96), pp. 160-169, 1996.
[18] C. Cunha, A. Bestavros, and M. Crovella, "Characteristics of WWW Client-Based Traces," Technical Report BU-CS-95-010, Boston Univ., 1995.
[19] A.B. Downey, "The Structural Cause of File Size Distributions," Proc. ACM Int'l Conf. Measurement and Modeling of Computer Systems (SIGMETRICS '01), 2001.
[20] G. Gousios and D. Spinellis, "A Comparison of Portable Dynamic Web Content Technologies for the Apache Server," Proc. Third Int'l System Administration and Network Eng. Conf. (SANE '02), pp. 103-119, 2002.
[21] J. Guitart, D. Carrera, V. Beltran, J. Torres, and E. Ayguade, "Session-Based Adaptive Overload Control for Secure Dynamic Web Applications," Proc. Int'l Conf. Parallel Processing (ICPP '05), 2005.
[22] C. Huitema, "Network vs. Server Issues in End-to-End Performance," keynote speech, Proc. Performance and Architecture of Web Servers Workshop, June 2000.
[23] J.-H. Kim, G.S. Choi, D. Ersoz, and C.R. Das, "Improving Response Time in Cluster-Based Web Servers through Coscheduling," Proc. 18th Int'l Parallel and Distributed Processing Symp., pp. 88-97, 2004.
[24] Q. Li and B. Moon, "Distributed Cooperative Apache Web Server," Proc. 10th Int'l World Wide Web Conf., pp. 1215-1229, 2001.
[25] Z. Maamar, "Commerce, E-Commerce, and M-Commerce: What Comes Next?" Comm. ACM, vol. 46, no. 12, pp. 251-257, 2003.
[26] D.A. Menasce, "Performance and Availability of Internet Data Centers," IEEE Internet Computing, vol. 8, no. 3, pp. 94-96, 2004.
[27] M. Mitzenmacher, "Dynamic Models for File Sizes and Double Pareto Distributions," Internet Math., 2004.
[28] Network Working Group, The MD5 Message-Digest Algorithm, IETF RFC 1321, http://www.ietf.org/rfc/rfc1321.txt, 1992.
[29] Network Working Group, The Use of HMAC-SHA-1-96 within ESP and AH, IETF RFC 2404, http://www.ietf.org/rfc/rfc2404.txt, 1998.
[30] Network Working Group, Triple-DES and RC2 Key Wrapping, IETF RFC 3217, http://www.ietf.org/rfc/rfc3217.txt, 2001.
[31] A. Oke and R. Bunt, "Hierarchical Workload Characterization for a Busy Web Server," LNCS, vol. 2324, p. 309, Aug. 2003.
[32] V.S. Pai, M. Aron, G. Banga, M. Svendsen, P. Druschel, W. Zwaenepoel, and E. Nahum, "Locality-Aware Request Distribution in Cluster-Based Network Servers," Proc. Eighth Int'l Conf. Architectural Support for Programming Languages and Operating Systems, pp. 205-216, 1998.
[33] J.E. Pitkow, "Summary of WWW Characterizations," Proc. Seventh Int'l Conf. World Wide Web, pp. 551-558, 1998.
[34] R. Rivest, The RC4 Encryption Algorithm, RSA Data Security, Inc., Mar. 1992.
[35] Transport Layer Security Working Group, The SSL Protocol Version 3.0, Internet draft, work in progress, Mar. 1996.
[36] T. Wilson, "E-Biz Bucks Lost under SSL Strain," http://www.internetwk.com/lead/lead0520.htm, May 1999.
[37] M. Yousif, "Characterizing Datacenter Applications," http://www.intel.com/idf, Feb. 2003.
[38] Y. Zhou, A. Bilas, S. Jagannathan, C. Dubnicki, J.F. Philbin, and K. Li, "Experiences with VI Communication for Database Storage," Proc. 29th Ann. Int'l Symp. Computer Architecture, pp. 257-268, May 2002.

Jin-Ha Kim received the MS degree from the Department of Computer Science, Chungnam National University, and the PhD degree from the Department of Computer Science and Engineering, Pennsylvania State University, University Park, in 2005. She is currently working in the Research and Development Center at Samsung Networks. Her research interests include cluster systems, distributed systems, intracluster communication, and security on Web server communication. She is a member of the IEEE.

Gyu Sang Choi received the PhD degree in computer science and engineering from Pennsylvania State University. He is a research staff member at the Samsung Advanced Institute of Technology (SAIT) in Samsung Electronics. His research interests include parallel and distributed computing, supercomputing, cluster-based Web servers, and data centers. Currently, he is working on a real-time operating system in embedded systems at SAIT, while his prior research has been mainly focused on improving the performance of clusters. He is a member of the IEEE.

Chita R. Das received the MSc degree in electrical engineering from the Regional Engineering College, Rourkela, India, in 1981 and the PhD degree in computer science from the Center for Advanced Computer Studies, University of Louisiana at Lafayette, in 1986. Since 1986, he has been with the Pennsylvania State University, where he is currently a professor in the Department of Computer Science and Engineering. His main areas of interest are parallel and distributed computer architectures, cluster computing, mobile computing, Internet quality of service (QoS), multimedia systems, performance evaluation, and fault-tolerant computing. He has served on the editorial boards of the IEEE Transactions on Computers and IEEE Transactions on Parallel and Distributed Systems. He is a fellow of the IEEE and a member of the ACM.