Key Management Interoperability Protocol (KMIP) server performance metrics in Kubernetes environment

As enterprise environments scale to support multiple databases and High Availability (HA) requirements, optimizing the performance of the Key Management Interoperability Protocol (KMIP) server becomes critical. This document outlines performance metrics and deployment considerations to enhance KMIP throughput in a Kubernetes-based deployment in IBM® Guardium® Cryptography Manager. It includes details on throughput, scalability, and infrastructure requirements for HA deployments.

By combining replica scaling, database clustering, and network optimization, you can achieve high throughput and resilience for KMIP services in large-scale, HA deployments.
  • Replica scaling: Deploy three KMIP server replicas across worker nodes to distribute load and ensure redundancy.
  • Database optimization: Use external MongoDB and PostgreSQL clusters in HA mode with proper tuning (for example, max_connections = 500 for PostgreSQL in postgres.conf) to handle concurrent requests efficiently.
  • Network latency control: Maintain sub-millisecond latency (≤1 ms) between KMIP servers and external databases to reduce response time.
  • Resource allocation: Allocate sufficient CPU and memory resources per KMIP replica to handle cryptographic operations at scale.
  • Load balancing: Implement Kubernetes-native load balancing to evenly distribute KMIP requests across replicas.
  • Performance metrics: Target throughput benchmarks such as:
    • Create key: 160 keys/sec
    • Get key: 250 requests/sec
    • Oracle encrypt operations: 50 RPS, supporting up to 75 Oracle DB instances.

The following table lists the components and configuration of the test environment used to measure KMIP server performance.

Table 1. Test environment
Component | Configuration Description
Kubernetes cluster | 3 master nodes, 3 worker nodes
KMIP service | 3 replicas (one per worker node)
External databases | MongoDB and PostgreSQL clusters in HA mode (3 nodes per instance)
PostgreSQL settings | max_connections = 500 in postgres.conf
Network latency | ≤ 1 ms between Guardium Cryptography Manager servers and external databases

The following table lists the throughput benchmarks measured for KMIP operations.

Table 2. Performance metrics for KMIP operations
Operation | Throughput
Create Key | 160 keys/sec
Get Key | 250 requests/sec
Encrypt_Init + Encrypt (Oracle) | 50 requests/sec (RPS)

Supported scale:

  • Up to 75 Oracle DB instances.
  • Oracle sends Encrypt_Init and Encrypt requests every 3 seconds per DB instance.
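
The following pre-flight check is an added example, not part of the product or of the original page. It compares a planned deployment against the tested baseline in Table 1 and Table 2 and against the supported Oracle scale. The function names, pod and node names, and sample inputs are constructed. It assumes each Oracle cycle counts as two requests (Encrypt_Init and Encrypt), a reading under which 75 instances every 3 seconds equals the 50 RPS benchmark.

```python
import re
from collections import Counter

# Baseline values taken from the page's tables; the dictionary itself is illustrative.
BASELINE = {"replicas": 3, "max_connections": 500, "latency_ms": 1.0,
            "encrypt_rps": 50, "oracle_interval_s": 3, "requests_per_cycle": 2}

def parse_max_connections(conf_text):
    """Return the effective max_connections in PostgreSQL-style config text, or None."""
    value = None
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]              # drop trailing comments
        m = re.match(r"\s*max_connections\s*=?\s*'?(\d+)'?\s*$", line)
        if m:
            value = int(m.group(1))               # the last occurrence wins
    return value

def oracle_encrypt_rps(instances):
    """Request rate from Oracle: 2 requests per instance every 3 seconds (assumed reading)."""
    return instances * BASELINE["requests_per_cycle"] / BASELINE["oracle_interval_s"]

def preflight(pods, conf_text, latency_samples_ms, oracle_instances):
    """Return findings as strings; an empty list means the plan matches the baseline."""
    findings = []
    per_node = Counter(node for _, node in pods)
    if len(pods) < BASELINE["replicas"]:
        findings.append(f"only {len(pods)} KMIP replicas, baseline is {BASELINE['replicas']}")
    crowded = sorted(n for n, c in per_node.items() if c > 1)
    if crowded:
        findings.append(f"multiple replicas share node(s): {', '.join(crowded)}")
    mc = parse_max_connections(conf_text)
    if mc is None or mc < BASELINE["max_connections"]:
        findings.append(f"max_connections is {mc}, baseline is {BASELINE['max_connections']}")
    worst = max(latency_samples_ms, default=float("inf"))  # no samples counts as a finding
    if worst > BASELINE["latency_ms"]:
        findings.append(f"worst database latency {worst} ms exceeds {BASELINE['latency_ms']} ms")
    load = oracle_encrypt_rps(oracle_instances)
    if load > BASELINE["encrypt_rps"]:
        findings.append(f"{oracle_instances} Oracle instances send {load:.1f} RPS, "
                        f"above {BASELINE['encrypt_rps']}")
    return findings

# Constructed sample inputs (not taken from a real deployment).
SAMPLE_CONF = "max_connections = 100  # default\nshared_buffers = 4GB\nmax_connections = 500\n"
SAMPLE_PODS = [("kmip-0", "worker-1"), ("kmip-1", "worker-2"), ("kmip-2", "worker-3")]

if __name__ == "__main__":
    print(preflight(SAMPLE_PODS, SAMPLE_CONF, [0.3, 0.6, 0.9], 75) or "matches tested baseline")
```

The thresholds come from a single tested configuration, so a finding means the plan falls outside what was measured, not that it will necessarily fail.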