Are there any performance issues after switching to AES256 encryption on the CA Top Secret security file?

book

Article ID: 16592

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

Are there any performance issues after converting to AES 256 encryption on the CA Top Secret security file?



 

Environment

Release:
Component: TSSMVS

Resolution

We don't have any reported performance problems related to AES 256 encryption.

We have had other clients pose the same questions as yours.

AES256 is absolutely a more CPU intensives solution than any other encryption methodology provided in the past. The hashing algorithm requires a significant number of instruction iterations to complete to achieve the desired levels of protection. Its approximately 4-5 times more.

It is strongly recommended that you consider the hardware implementations of ICSF Cryptographic services and CPACF (CP Assist for Cryptographic Function) functions to achieve the best performance (hardware is faster than software). Overall CPU utilization will be higher with AES256, the response to end users will be dependent on application requirements for logon activity.

With that said, from my experience, the majority of our clients implemented AES256 when they migrated to r16 and we don't have any reported problems indicating their was a sudden surge in CPU.  This implies that the impact is not noticeable.