AMD's server CPU 'EPYC' adopted as Let's Encrypt database server

Let's Encrypt, which issues free SSL certificates, has revealed that it has adopted AMD's server CPU 'EPYC' for its database servers. Following Google's cloud services and Cloudflare, which provides a content delivery network, AMD's entry into the server industry is accelerating.

The Next Gen Database Servers Powering Let's Encrypt - Let's Encrypt - Free SSL/TLS Certificates

Let's Encrypt is a certificate authority that issues SSL certificates, which are indispensable for secure Internet communication, free of charge. More than 230 million websites use Let's Encrypt, and in February 2020, the total number of certificates issued exceeded 1 billion.

Let's Encrypt announces that the number of SSL certificates it has issued has exceeded 1 billion; HTTPS usage has increased rapidly in the past 3 years - GIGAZINE

Let's Encrypt uses MariaDB to manage registrants and the certificate issuance process. It has a simple configuration in which a single primary DB handles certificate issuance and a large number of read replicas sit under it, which, according to Let's Encrypt, improves security and reliability and reduces maintenance complexity.

The database server of Let's Encrypt has been updated, and the CPU and memory have been upgraded. The contents of the upgrade are as follows.

| | Previous generation | Next generation |
|---|---|---|
| CPU | Intel Xeon E5-2650 x2 (total cores/threads: 24/48) | AMD EPYC 7452 x2 (total cores/threads: 64/128) |
| Memory | 1 TB, 2400 MT/s | 2 TB, 3200 MT/s |
| Storage | Samsung PM883 3.8 TB SATA x24 (read/write speed: 560/540 MB/s) | Intel P4610 6.4 TB NVMe x24 (read/write speed: 3200/3200 MB/s) |

The first thing to notice is that the CPU has been changed from Intel's Xeon series to AMD's EPYC series. The number of physical cores has increased from 24 to 64. In addition, because the EPYC 7452 has 128 lanes of PCIe 4.0, it is possible to install NVMe SSDs, which could not be done with the Xeon E5-2650 and its 48 usable lanes of PCIe 3.0, and storage throughput is greatly improved. The server itself is a Dell PowerEdge R7525, a 2U rack server.

On the software side, the old server used hardware RAID to build RAID 10, but the new server reportedly builds its RAID with OpenZFS because no efficient hardware RAID was available for NVMe SSDs. The detailed tuning used when combining OpenZFS and MariaDB is also published on GitHub.

Looking at the response time to API requests after the server upgrade, it took about 90 milliseconds on the old server, but it has improved to 9 milliseconds on the new server.

On the old server, the database query response time was about 0.45 milliseconds, but it improved to 0.15 milliseconds on the new server.

The CPU utilization of the old server was constantly at 90% or more, so it had reached the limit of its processing capacity.

With the new server, utilization is held to about 25%, leaving plenty of headroom. The sudden change marked by the red frame in the graph is the moment when the new server was promoted from read replica to primary.

The new server was very expensive and a big job for the SRE team, but Let's Encrypt says this upgrade was needed so that more people can have security and privacy with Let's Encrypt. Let's Encrypt is operated by a non-profit organization, and you can donate from the following URL.

Donate - Let's Encrypt - Free SSL/TLS Certificates

in Software, Web Service, Hardware. Posted by darkhorse_log