ACE SSL Offload Advantage on End to End SSL
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-21-2012 06:51 AM
Is there any advantages to doing SSL termination on ACE if you are doing End to End SSL? It seems as thought it's just another place to manage certs, when you could just pass the port 443 traffic to the server and let it do the SSL decription/encryption.
- Labels:
-
Application Networking
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-21-2012 08:41 AM
Hi,
If you terminate on the ACE before re-encrypting you have an opportunity to look at the underlying plaintext and make decisions (e.g. cookie values).
HTH
Cathy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-21-2012 09:00 AM
If you have multiple servers behind ace, you do not need to install multiple carts on each server.
Sent from Cisco Technical Support iPad App
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-21-2012 11:35 AM
- centralized point of management of your certs
- performances (hardware-based)
- you can use strong ciphers on the client side and weaker ciphers on the server sides, reducing the load on the servers
- use of SSL Reuse combined to TCP offload
There are some whitepapers available on cisco.com on this topic.
