Performance study of software-based iSCSI security

In this paper, we study possible iSCSI security different security requirements. To evaluate the performance of different security schemes, we conduct performance experiments using a software-based iSCSI implementation with proper security extensions. In data encryption schemes, we consider two alternatives, IP Security Protocol (IPSec) and Secure Socket Layer (SSL), and compare the resulting iSCSI performances with these two schemes. We find that the software-based iSCSI implementation offers reasonable throughput with a 2 GHz CPU at the network speed of 100Mbps; however, with a 1 GHz CPU, the software implementation is not capable of providing sufficient throughput with triple-DES encrypted storage data. In addition, we also find that IPSec ESP scheme has better performance when the requested data size is small, compared to SSL. Given that both performance and security are critical issues in the deployment of iSCSI, it is important to understand the tradeoffs between them. We believe that this study sheds some helpful light on this understanding.