Re: Difference in ssl offloading and https ?

Jonn cos · ‎08-30-2011

Hi all.

If this is not the right place then pls forgive me, but kindly help me clear this confusion. We are procuring hardware load balancer for our 2 servers. We are evaluating Brocade, F-5 and Cisco ACE. Currently the servers are running http, but in future they plan to use https. We heard about something called ssl offloading and we thought that it is indeed https. Then yesterday, one of the cisco partner asked us this question

Do you want https ? or ssl offloading ??

What is the difference in the two ? isnt ssl the same as https ?

Marvin Rhoads · ‎08-30-2011

The Data Center Application Networking forum would be the best place for these type of questions.

However...

SSL offload is a technology to terminate the secure session (transported from the clients via https) on the load balancer. One actually loads the SSL certificate for the site onto the load balancer. The SSL session is thus terminated at the load balancer and it then proxies to your servers using basic http. Load balancer appliances often have hardware that is optimized to perform this function for high volume sites. The backend web servers are thus not burdened with the encryption and de-encryption workload.

Alternatively, one can use SSL and a load balancer but still pass the SSL through the load balancer without modification. This obviously limits the ability of the load balancer to add as much value (features) to the equation since it only sees encrypted streams pass through it.

With only two servers, you might be better off with a software-only solution as opposed to a hardware appliance. Look at something like LVS on Linux (an open source project) or, for a commercial product, Citrix Netscaler VPX:

http://www.linuxvirtualserver.org/

http://www.citrix.com/English/ps2/products/subfeature.asp?contentID=2300454

Hope this helps. Please rate helpful posts.