CPU/MEM specs required for Red Hat Certificate System
Environment
- Red Hat Certificate System
- 9.x
Issue
We would like to know Red Hat's recommendation on CPU and RAM resources for a system that will run Red Hat Certificate System (RHCS).
Resolution
This will largely depend on the particular environment, but as a general guideline, please consider:
- Minimal:
- CPU: 2 thread CPU, 2GHz or faster
- RAM: 2GB RAM
- Disk: 20GB / 40GB Disk
- Recommended:
- CPU: 4 thread CPU with Advanced Encryption Standard (AES)
- RAM: 4GB-8GB RAM
- Disk: 80GB+ disk
Root Cause
These are loosely based on recommendations for RHEL. RHCS does take advantage of multiple cores, thus the suggestion.
Network Security Services (NSS) does all the cryptographic operations on RHEL 7 and can take advantage of AES New Instructions (AES-NI) in a CPU. In a low-load scenario, requests may be slightly slower, but if using Key Recovery Authority (KRA) (with AES and without Hardware Security Modules (HSM)) - it would be useful. This configuration also helps with Transport Layer Security (TLS) connections.
Note: this matters less if an HSM is in use because cryptographic operations are offloaded, but since HSMs are generally slow, having more cores (2 or 4 instead of 1) might help with concurrent requests.
Storage: 20GB is recommended for a RHEL install. If only RHCS (+Red Hat Directory Server (RHDS) for storage) will be used, 40GB/80GB should be sufficient, if logs are rotated and the number of certificates are reasonable.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments