Sizing your Edge Encryption environment

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Sizing your Edge Encryption environment

    Properly sizing your Edge Encryption environment is crucial to ensure efficient data encryption without excessive latency and to maintain system redundancy. This involves determining the appropriate number of proxy servers based on user load, redundancy requirements, and hardware capabilities.

    Show full answer Show less

    Key Features

    • Redundancy: Maintain at least two proxy servers behind a load balancer to ensure continuous availability in case of hardware failure. Load balancers distribute requests and should use the "least connections" method to avoid overloading any single proxy server.
    • Sizing Guidelines:
      • Set up approximately one proxy server for every two application nodes.
      • Add one proxy server for every 500 simultaneous users.
      • Include additional servers for failover based on desired redundancy.
      • For example, 2,000 users require at least five proxy servers behind a load balancer.
    • Hardware Considerations: Proxy server performance depends on CPU speed, number of CPUs, and RAM. Faster hardware reduces latency.
    • CPU Utilization: Encryption is CPU intensive; spikes above 80% utilization for several minutes indicate the need for additional proxy servers to reduce latency.
    • Memory Requirements: Proxy servers should have at least 4 GB of RAM available, with 6 GB recommended. Memory limits should be configured according to recommended settings to optimize performance.

    Key Outcomes

    By following these sizing and redundancy guidelines, ServiceNow customers can achieve balanced load distribution, minimized latency during data encryption, and high availability of proxy servers within their Edge Encryption environment. This ensures secure and efficient processing of encrypted data even under high user loads or hardware failures.

    Choosing the number of proxy servers for your environment is an important task. Consider the number of users, redundancy needs, and acceptable latency.

    Redundancy

    Maintain redundant proxy servers in case of hardware failure. Proxy servers should be located behind a load balancer to provide a functional path for all users if a proxy server is unreachable. At a minimum, ensure that two proxy servers are always available.

    Size

    Size refers to the number of proxy servers required to avoid additional latency that the encryption of data produces. Depending on use, you may want to reduce the amount of latency by adding additional proxy servers. For example, if regular mass encryptions are run, add additional proxy servers to handle the load, or run the mass encryptions when the user load is light. In addition, the hardware that the proxy server runs on influences performance and latency. Proxy servers running on hardware with faster CPUs, more CPUs, and more RAM have higher throughput than slower, limited systems.

    The following guidelines assume that your proxy server is running on at least the minimum hardware requirements. To determine the number of proxy servers:
    • Consider setting up one proxy server for every two application nodes on the instance.
    • For redundancy, set up a minimum of two proxy servers behind a load balancer.
    • Add an extra proxy server for every 500 simultaneous users.
    • Depending on the desired redundancy, add additional proxy servers for failover.

    For example, for an instance with 2,000 users, you should have at least five proxy servers behind a load balancer. This calculation includes one proxy server for every 500 users, with an extra proxy server for failover. Determine ahead of time when you will approach a threshold of 500 users and place another proxy server in the load balancer pool.

    Load balancers

    To balance requests and improve server response time, distribute proxy servers in a load balancer pool. Configure load balancers to use the "least connections" method. This method connects requests to the proxy server with the fewest active connections, preventing the overloading of a single proxy.

    CPU utilization

    Because data encryption and tokenization are CPU intensive operations, CPU spikes while encrypting data are normal and expected. When CPU utilization is over 80% for several minutes at a time, it likely means that the proxy server has too much work to do. When this happens, latency increases for the period that the CPU utilization is high. If latency persists, adding another proxy server may help decrease the latency.

    Memory

    The proxy server must have a minimum of 4 GB of RAM available (6 GB recommended). Set the proxy server initial and upper bound memory limits to the recommended settings.