# Performance and Scaling This page outlines **observed performance KPIs** typically used to evaluate Certificate Lifecycle Management (CLM) and Certificate Authority (CA) platforms at enterprise scale. These metrics are derived from **industry benchmarks, customer references, and field deployments** across large public and private trust environments, and are provided as **guidance values** rather than hard guarantees. Actual performance depends on deployment topology, CA and HSM latency, validation methods, certificate volumes, and automation maturity. *** ### KPI Categories CertiNext performance is generally evaluated across four primary dimensions: 1. **Certificate request and issuance workflows** 2. **Automation and ACME protocol performance** 3. **UI responsiveness and operator experience** 4. **Platform scalability and concurrency** *** ### 1. Certificate Request and Issuance KPIs These KPIs measure how the platform performs when users, APIs, or automation systems submit certificate requests concurrently. | Metric | Observed Enterprise KPI | | -------------------------------------------- | --------------------------------------- | | Concurrent certificate request submissions | 200–1,000+ concurrent requests | | API/UI request acknowledgement (p95) | < 500 ms | | Policy validation + request acceptance (p95) | < 2–5 seconds | | End-to-end issuance (DV, automated path) | Seconds to minutes (CA & DCV dependent) | | End-to-end issuance (OV/EV) | Minutes to hours (validation dependent) | | Request failure rate under load | < 0.1% | **Notes** * End-to-end issuance time is dominated by **CA validation** and **HSM operations**, not the CLM layer. * Mature CLM platforms decouple request ingestion from issuance to maintain responsiveness under load. *** ### 2. ACME Protocol and Automation KPIs ACME is typically the **highest-volume transaction path** in modern CLM deployments due to short-lived certificates and automated renewals. | Metric | Observed Enterprise KPI | | ------------------------------------------ | ------------------------------------ | | ACME newOrder / finalize API latency (p95) | 300–700 ms | | Certificate issuance throughput | Hundreds to thousands per hour | | Burst renewal handling | 2–3× normal peak without degradation | | ACME success rate | > 99.9% | | Retry / backoff handling | Automatic, no manual intervention | | Renewal-related outages | Near zero in automated environments | **Notes** * Platforms that lack strong queuing and idempotency controls tend to fail during renewal storms. * ACME performance is highly sensitive to **DNS provider latency** and **CA responsiveness**. *** ### 3. UI and Console Performance KPIs These KPIs measure operator experience for security, PKI, and DevOps teams managing large certificate estates. | Metric | Observed Enterprise KPI | | ------------------------------------- | -------------------------- | | Login → dashboard load (p95) | < 2 seconds | | Certificate inventory page load (p95) | < 2 seconds | | Certificate detail view (p95) | < 1–2 seconds | | Search and filter operations (p95) | < 1–2 seconds | | Large reports / exports | Seconds to minutes (async) | **Notes** * High-scale deployments rely on **server-side pagination, indexing, and caching**. * UI performance degradation is often an early indicator of database sizing issues. *** ### 4. Discovery and Inventory Scale KPIs Discovery and inventory operations place sustained load on the platform and database. | Metric | Observed Enterprise KPI | | ---------------------------------------- | ------------------------------ | | Certificates tracked per tenant | 100k – 1M+ | | Discovery scan size | Thousands of endpoints per run | | Discovery execution impact | No visible UI/API degradation | | Inventory refresh latency | Near-real-time to minutes | | Orphan / unmanaged certificate detection | Continuous | **Notes** * Discovery workloads are typically offloaded to **bots/agents** to protect core platform performance. * Inventory performance depends heavily on database indexing strategy. *** ### 5. Platform Scalability Characteristics Observed characteristics of enterprise-grade CLM platforms: * Horizontally scalable application tier (stateless services) * Database as the primary scaling constraint * Separation of: * UI/API ingestion * Policy validation * Issuance and CA interaction * Ability to scale automation independently of UI usage * No certificate outages caused by platform-level bottlenecks *** ### Recommended Baseline Configuration (Production for On-Prem) To achieve the above KPI ranges, typical production deployments use: #### Application Tier * 3+ application nodes (or pods) * 2–4 vCPU, 6–12 GB RAM per node * Java 21 with tuned JVM heap * Autoscaling enabled #### Database Tier * Highly available database with replication * 4–8 vCPU, 16–32 GB RAM (baseline) * SSD / NVMe storage * Strong indexing for inventory and audit logs #### Automation / Bots * Deployed separately from core platform * Scaled by number of endpoints and renewal frequency * Isolated from UI/API workloads ### Interpreting These Benchmarks These KPIs represent **what a well-run, mature deployment typically achieves in production**, not theoretical maxima. Organizations consistently meeting these benchmarks usually are configured with: * High automation adoption (ACME, APIs, bots) * Short certificate lifecycles * Clear ownership and policy enforcement * Proper database sizing and monitoring --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.certinext.io/documentation/deployment-and-operations/performance-and-scaling.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.