High Performance, Low Cost and Strong Security

20 Nov 2010

Low Cost, High Performance,Strong Security: Pick Any Three byChris Palmer has a funny and informative presentation where the main message is: reduce the size and frequency of networkcommunications, which will make your pages load faster, which will improve performance enough that you can use HTTPS all the time, which will make you safe and secure on-line, which is a good thing.

The benefits of HTTPS for security are overwhelming, but people are afraid of the performance hit. The argument is successfully made that the overhead of HTTPS is low enough that you can afford the cost if you do some basic optimization. Reducing the number of HTTP requests is a good source of low hanging fruit.

From the Yahoo UI Blog:

Reducing the number of HTTP requests hasthe biggest impact on reducing response timeand is often the easiest performanceimprovement to make.

From the Experience of Gmail:

we found that there were betweenfourteen and twenty-four HTTP requestsrequired to load an inbox it now takes as fewas four requests from the click of the Sign inbutton to the display of your inbox.

So, design highergranularity services where more of the functionality is one the server side than the client side. This reduces the latency associated with network traffic and increases performance. More services less REST?

Other Suggestions for Reducing Network Traffic:

  • DONT have giant cookies, giant requestparameters (e.g. .NET ViewState).
  • DO compress responses (gzip, deflate).
  • DO minify HTML, CSS, and JS.
  • DO use sprites. DO compress images at theright compression level, and DO use the rightcompression algorithm for the job.
  • DO maximize caching




Follow Me