Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1151
Views
0
Helpful
1
Replies

Difference in ssl offloading and https ?

Jonn cos
Level 4
Level 4

‎08-30-2011 07:29 AM

Hi all.

If this is not the right place then pls forgive me, but kindly help me clear this confusion. We are procuring hardware load balancer for our 2 servers. We are evaluating Brocade, F-5 and Cisco ACE. Currently the servers are running http, but in future they plan to use https. We heard about something called ssl offloading and we thought that it is indeed https. Then yesterday, one of the cisco partner asked us this question

Do you want https ? or ssl offloading ??

What is the difference in the two ? isnt ssl the same as https ?

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-30-2011 09:02 PM

The Data Center Application Networking forum would be the best place for these type of questions.

However...

SSL offload is a technology to terminate the secure session (transported from the clients via https) on the load balancer. One actually loads the SSL certificate for the site onto the load balancer. The SSL session is thus terminated at the load balancer and it then proxies to your servers using basic http. Load balancer appliances often have hardware that is optimized to perform this function for high volume sites. The backend web servers are thus not burdened with the encryption and de-encryption workload.

Alternatively, one can use SSL and a load balancer but still pass the SSL through the load balancer without modification. This obviously limits the ability of the load balancer to add as much value (features) to the equation since it only sees encrypted streams pass through it.

With only two servers, you might be better off with a software-only solution as opposed to a hardware appliance. Look at something like LVS on Linux (an open source project) or, for a commercial product, Citrix Netscaler VPX:

http://www.linuxvirtualserver.org/


http://www.citrix.com/English/ps2/products/subfeature.asp?contentID=2300454

Hope this helps. Please rate helpful posts.

0 Helpful
Customers Also Viewed These Support Documents