Credential Provider benchmark report

This topic presents measured results of performance and load testing, performed in both CyberArk PAM - Self-Hosted and Privilege Cloud lab environments that implement Credential Providers common usage.

Benchmarks environment

Our benchmark testing was performed within basic customer-like environments.

Tested components

The following components were used in the performance testing environment:

  • Privilege Cloud

  • 1 CyberArk Credential Provider v13.0

The benchmark test measures the performance of only the Credential Provider.

Server specifications

Component

OS

Hardware details

Hardware Type

AWS instance type

Credential Provider

Red Hat Enterprise Linux 7.9 64-bit

  • CPUs: 16

  • CPU model: Intel(R) Xeon(R) Platinum 8275CL CPU @ 3.00GHz

  • Memory: 32 GB

  • Kernel: 4.416

  • Virtualization: Not enabled

Virtual machine

c5.4xlarge

Tested CyberArk configuration

The following configurations were tested:

Component and version

Configuration

Privilege Cloud

  • 200 Safes

  • 50 accounts in each Safe (10000 accounts)

  • 10 applications in the Vault, authentication using OS User authentication

    Each application user is a member of 20 Safes

Credential Provider v13.0

  • Cache mode ‘Persistent’

  • The Credential Provider user is a member of 200 Safes (10000 accounts)

  • Refresh cache – 25 minutes

  • Java Password SDK

  • MaxConcurrentRequests = 40

Test flow

Each request was done by performing a GetPassword query on an object sent to the Credential Providers, using the Java Password SDK.

Two scenarios were tested, to find out the maximum number of requests that can be handled by the Credential Provider in each scenario:

  • Credential Provider with 5000 secrets in the cache

  • Credential Provider with 10000 secrets in the cache

Results

This section describes the results collected from load tests as per the configurations listed in the Tested CyberArk configuration section.

  1. Credential Provider with 5000 secrets in cache:

    Number of threads Requests handled by CP per second Average response time (ms) Min response time (ms) Max response time (ms) CPU usage (vCPU)
    200 154.3 45 8 25283 100
    300 212.9 157 8 25288 200
    350 213 391 147 25499 200

  2. Credential Provider with 10000 secrets in cache:

    Number of threads Requests handled by CP per second Average response time (ms) Min response time (ms) Max response time (ms) CPU usage (vCPU)
    200 99.1 765 126 30040 200
    300 108.4 1512 133 2692 153
    350 108.1 1983 176 2900 166.7

Conclusion

According to the results measured, we conclude that:

  • Credential Providers can handle up to 213 requests per second when there are 5000 secrets in the cache

  • Credential Providers can handle up to 108 requests per second when there are 10000 secrets in the cache

Disclaimer: These results are relevant only for the configuration mentioned in this document.