Solved: ACE 4710 & SSL Offloading

rowelldionicio · ‎11-29-2011

I testing the 4710 for load balancing between 2 web servers. I have the http portion working just fine but would like to get some input on the SSL portion.

We have a section of our site that requires user login and the whole session is https from when they login and when they are browsing through our site.

My questions are within the design aspects. Would this best be designed using SSL offloading and then using clear text from the ACE to the web servers? Also, what would the differences be with configuring ssl offloading with stickiness if configured with http server load balancing on the same server farm versus creating a new server farm just for https? Would end-to-end ssl be best in this scenario?

Description of the web application usage:

Users log in and their whole session is https. Users will be filling out forms, inputting data, registering for events and uploading some files.

Surya ARBY · ‎11-30-2011

Use cleartext in back end (the most simple way to do it), cookie based persistance and don't forget to enable SSL rewrite / SSL redirect

View solution in original post

Surya ARBY · ‎11-30-2011

Use cleartext in back end (the most simple way to do it), cookie based persistance and don't forget to enable SSL rewrite / SSL redirect

rowelldionicio · ‎12-01-2011

Okay so that makes sense to me now. When the client requests an HTTPS page and the ACE terminates the connection, the ACE uses SSL rewrite/redirect to send the request back to the client so that the client still maintains the SSL connection. Otherwise it will request an HTTP page instead of the HTTPS page.

Am I correct?

Surya ARBY · ‎12-01-2011

yes