The problem we're trying to solve is this: before a user logs into our secure site all content is cacheable. Once they've logged in, *none* of it is cacheable because everything is encapsulated in SSL. This puts a huge load on our servers, trying to serve up secure version of our webpages when it really isn't necessary.
If we offload the SSL processing to another device, this allows us to grab all cacheable content from the cache engine while grabbing the actual secure content from the other servers. Does that make sense? I feel I'm not explaining it very well. Here's an example to make it more clear. If a user isn't logged in and they go to our maps page, they can get directions to our different office locations. All of that content is cacheable. Once they've signed in and started an SSL session, everything they do now has to be served up directly from the server. The cache engine doesn't understand SSL and can no longer be used. If the user now goes to that same page, the maps and directions have to be encrypted by the server and then sent to the user. This is a needless waste of processing power on the server. If we offload the SSL processing to the loadbalancing switch or the cache engine, then even users with secure sessions can get static content from the cache engine. HTH, John ________________________________________________ Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag ---- On Wed, 2 Jan 2002, Gaz ([EMAIL PROTECTED]) wrote: > Not providing many/any answers here I'm afraid - just asking more > questions. > Is SSL that suitable for caching? I would have thought that most SSL > traffic > would be unique (Session ID's/transaction info etc). > That's not a cocky question, I really don't know. I suppose there will > be > static content within the SSL pages. > > I've used Intel SSL accelerators which seem to perform pretty well. We > also > do a fair bit of load balancing with Foundry Networks kit (Server > Irons/Big > Irons) and they're pretty nippy and pretty cheap compared to Cisco, and > have > the advantage that their CLI is very close to Cisco. > I suppose it depends what scale you're doing it on. > > From what I've seen of the Cisco CSS (Arrowpoint kit) they seem to offer > greater functionality/flexibility than Foundry, but not seen much of > them > working in anger yet. > > Be interesting to hear what Stratacache really mean by caching content > in > SSL-ready format. > > > Gaz > > ""John Neiberger"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > We are looking at buying some new load balancing switches and new > cache > > engines and somewhere in that mix we want to add SSL acceleration. > One > > vendor that we're looking at sells load balancing switches with SSL > > acceleration built-in. Of course, they really like their way of doing > > this. The other vendor has a cache engine with SSL acceleration and > > they say there is a significant performance increase by caching > content > > in SSL-ready format. > > > > Do any of you have any thoughts here? The first vendor is F5 and I > > really like the looks of their Big IP series. The second vendor is > > Stratacache and I really don't know much about them despite having > > talked to them about this. :-) > > > > Any tips? > > > > Thanks, > > John [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30755&t=30724 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
