In March 2013, we released version 8.7 of AppScan. One of the focus areas for that release was to improve the scalability and performance of the enterprise components of the solution, specifically the AppScan Enterprise Server and AppScan Enterprise Dynamic Analysis Scanner. The Engineering team made some architecture changes, which helped dramatically improve the performance and scalability of these components. In this blog entry, I'd like to provide an overview of these changes and their effect.
First, the Engineering team separated the database tables for storing information during the execution of a scan from the central AppScan Enterprise Server database and moved those tables into a local built-in database on the AppScan Enterprise Dynamic Analysis Scanner (DAST scan server). In the previous versions of the product, the scan server wrote data into the AppScan Enterprise Server central database throughout the entire duration of the scan. This consumed a lot of resources on the database server which affected the Web UI performance and greatly limited the number of scans you could run simultaneously on a scan server. There were also latency concerns depending on where the scan server was located in relation to the database server. In version 8.7, scan data is written into a local built-in database on the scan server. Data is transferred to the central database on the AppScan Enterprise Server only at the end of a scan (in one batch). This improved the performance of the Web UI, enabled running more simultaneous scans on a single scan server and addressed the latency concerns when the scan server is located far from the database server.
Figures 1 and 2 for a depiction of the implemented architecture changes.
Another implementation change made by the Engineering team was removing the old encryption mechanism for protecting data "at-rest". When deploying v8.7, we recommend that AppScan Enterprise administrators enable the Microsoft SQL Server Enterprise Edition (2008 and higher) built-in mechanism for data encryption, Transparent DATA Encryption (TDE), which provides much better performance. Alternatively, administrators could use Encrypting File System which comes with Windows.
So here are the results of the efforts of the Engineering team:
- Web UI responsiveness has increased by approximately 50%
- Scan and reporting performance has increased by approximately 50%
- 4-5 scans can run at the same time on single DAST scan server
- DAST scan servers can be deployed remotely from central AppScan Enterprise Server