Performance is not usually a primary consideration when designing a security strategy for servers running Internet Information Server (IIS), and it should not be. The intrinsic benefits of protecting your installation and its code and data from unwarranted access override performance concerns. Nonetheless, effective security features have performance overhead — sometimes quite significant overhead — so it is important to measure the overhead and provide enough excess capacity to accommodate it.
This chapter describes some techniques for measuring the effects on server performance of security strategies commonly used on Windows NT Internet servers. These techniques include controlling access by IP Address, basic client authentication, Windows NT Challenge/Response client authentication, and Secure Sockets Layer (SSL) protocol. The following topics are covered in this chapter:
"The Challenge of Measuring Security Overhead."
"Using Microsoft Web Capacity Analysis Tool (WCAT) to Measure Security Overhead."
"Using Performance Monitor to Track Anonymous and Non-Anonymous Connections."
"Using Performance Monitor to Count Not-Found Errors."
"Capacity Planning to Support Security Features."