LiveZilla Live Help

You are here

Performance

SafeSquid® is a multi-threaded software, with an extremely tiny memory foot-print. It has been bench-marked for performance on various hardware architectures and operating systems.

The multi-threaded architecture delivers two key benefits -

  • Reduced CPU utilization
    SafeSquid's architecture, ensures that it does not hog the CPU for long durations. Higher speed CPUs however are very useful, specially because they help to boost the response from allied software like virus-scanners, log-analyzers, SQL, authentication etc.
  • Reduced Latency & Higher throughput
    Without multi-threaded architecture the effective latency would have been the sum-total of latencies induced by each of the virus-scanners, and other content-analyzers. The multi-threaded architecture ensures that the maximum latency is equal to the latency of the slowest of the content processors.

But more importantly, consider this -

Let's suppose you have over 100 users on your enterprise. Now at any given time they could be trying to access content from different web-sites.

In a single-threaded proxy - A new connection is established for each user trying to fetch content from the same web-server. The necessary overhead of exchanging the protocol hand-shake for each such connection is repeated across each of these connections.

Whereas SafeSquid - squeezes multiple requests, from different users into the same connection; for the content from same web-sites. Obviously the communication overheads would be drastically reduced, and latency would be remarkably lower.

Pre-Fetching

The multi-threaded architecture brings to SafeSquid, some unique features like Pre-fetching. Pre-fetching can dramatically improve the browsing experience. When your users request a web-page, SafeSquid analyses it for embedded links like style sheets, images, etc. and starts fetching them, before your user's browser receives the page, analyses it, and makes the request for the embedded components.

DNS Caching

Most sluggishness or latency will be induced due to constituent processes, which necessarily have to be undertaken serially or sequentially, for example DNS resolution. SafeSquid has a DNS Cache, that can hold up to 8110 records for a maximum of 360 seconds. However a fast connectivity to a DNS Server can be quite useful.

Content Caching

SafeSquid has a two-tier content-cache. You can configure SafeSquid to use a part of the RAM as cache, besides traditional hard-disk, or use ICP to connect to remote web-caches. Naturally, therefore you should experience better performance with higher RAM. However specifying smaller file sizes like 65536 bytes or a few multiples, of this value for being served through RAM cache, should deliver improved stability. However you must carefully configure SafeSquid to evict content from RAM Cache to maintain system stability.

Content Processing

Content that needs, to be processed, is buffered in memory until it is completely downloaded. If it has to be processed with virus scanners or other programs, it is stored in the temporary directory as specified in the SafeSquid Configuration. If RAM is not a constraint, performance can be boosted, if the temporary directory is set on a RAM-DISK. To improve performance, reduce the size and types of the files that must be buffered (and thus, processed).

Network Connectivity

If you wish to serve a large number of users from the same Proxy server, Giga-bit Ethernet cards, can tremendously improve performance, by reducing congestion.

O/S & TCP Tuning

O/S hardening and TCP tuning can improve the stability and performance.

User Authentication

SafeSquid uses auth and account directives in its PAM configuration. You could easily stack multiple PAM modules to authenticate from more than one authentication systems. Using the password caching feature of SafeSquid, to build text-files for use with pam_pwdfile can hugely reduce the load on the remote authenticating systems like POP3 servers, Domain Controllers, SQL databases, etc, if pam_pwdfile is set to the top of the stack. System performance and security can be further improved by setting the path to cached text file on a RAM-DISK.

SafeSquid Logs

SafeSquid can generate a lot of disk I/O while producing the log-files. System stability can be increased if the log-files are built on a RAM-DISK. You could then use utilities like log-rotate to ensure that the size of log-files do not exceed the space allocated on the RAM-DISK.

Sockets

Using UNIX sockets wherever possible, instead of TCP/IP sockets is surely advisable. Communication over Unix Sockets is much faster and can quite improve performance when the content has to be processed by virus scanners.

Multi-Proxy & Clustering

In large environments, using master-slave deployments and forwarding is more advisable, to deliver higher stability. Clustering is another good option.

System Requirements

The latest versions are released only after comprehensive testing on contemporary Distributions of various Operating Systems. The CPU and RAM requirements depend upon the Internet & LAN Connection Speeds, acceptable latencies, number of concurrent users, complexity of the employed users, complexity of the employed rules, number of desired connection threads, third-party security software like antivirus, URL Databases, etc.

Minimal System Requirements:

CPU - Intel® Celeron® 433 MHz or higher
RAM - 512 Mb or more
Operating System - Linux Kernel 2.6

Ideally 7-10 MB RAM per concurrent user is advisable for environments having less than 25 users. For larger environments 5-7 MB RAM per user should work, under normal conditions.