Yep makes sense. I suppose it comes down to price performance comparison and hopefully you might be able to get some more feedback from the group regarding the particular devices you're looking at. I suppose having the cache in the same device as the SSL accelerator may increase performance, but this probably depends on how much it limits the flexibility of using separate (expandable devices). I know with the Intel devices, that if you start maxing out you can add another accelerator to spread the load. Very easy to manage once they're installed.
Is there a danger that transaction information is cached as it is at that point converted to http? Don't know whether there are security issues or not? I'm getting paranoid from banking jobs. I suppose it depends on how your application works. Is it a possibility just to load balance across more servers to lighten load as servers tend to be the cheap part? Possibly a stupid question, but hey, it won't be my first or my last. Will be good to hear how it progresses. Gaz ""John Neiberger"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > The problem we're trying to solve is this: before a user logs > into our secure site all content is cacheable. Once they've > logged in, *none* of it is cacheable because everything is > encapsulated in SSL. This puts a huge load on our servers, > trying to serve up secure version of our webpages when it > really isn't necessary. > > If we offload the SSL processing to another device, this allows > us to grab all cacheable content from the cache engine while > grabbing the actual secure content from the other servers. > > Does that make sense? I feel I'm not explaining it very well. > > Here's an example to make it more clear. If a user isn't > logged in and they go to our maps page, they can get directions > to our different office locations. All of that content is > cacheable. > > Once they've signed in and started an SSL session, everything > they do now has to be served up directly from the server. The > cache engine doesn't understand SSL and can no longer be used. > If the user now goes to that same page, the maps and directions > have to be encrypted by the server and then sent to the user. > > This is a needless waste of processing power on the server. If > we offload the SSL processing to the loadbalancing switch or > the cache engine, then even users with secure sessions can get > static content from the cache engine. > > HTH, > John > > > ________________________________________________ > Get your own "800" number > Voicemail, fax, email, and a lot more > http://www.ureach.com/reg/tag > > > ---- On Wed, 2 Jan 2002, Gaz ([EMAIL PROTECTED]) wrote: > > > Not providing many/any answers here I'm afraid - just asking > more > > questions. > > Is SSL that suitable for caching? I would have thought that > most SSL > > traffic > > would be unique (Session ID's/transaction info etc). > > That's not a cocky question, I really don't know. I suppose > there will > > be > > static content within the SSL pages. > > > > I've used Intel SSL accelerators which seem to perform pretty > well. We > > also > > do a fair bit of load balancing with Foundry Networks kit > (Server > > Irons/Big > > Irons) and they're pretty nippy and pretty cheap compared to > Cisco, and > > have > > the advantage that their CLI is very close to Cisco. > > I suppose it depends what scale you're doing it on. > > > > From what I've seen of the Cisco CSS (Arrowpoint kit) they > seem to offer > > greater functionality/flexibility than Foundry, but not seen > much of > > them > > working in anger yet. > > > > Be interesting to hear what Stratacache really mean by > caching content > > in > > SSL-ready format. > > > > > > Gaz > > > > ""John Neiberger"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > We are looking at buying some new load balancing switches > and new > > cache > > > engines and somewhere in that mix we want to add SSL > acceleration. > > One > > > vendor that we're looking at sells load balancing switches > with SSL > > > acceleration built-in. Of course, they really like their > way of doing > > > this. The other vendor has a cache engine with SSL > acceleration and > > > they say there is a significant performance increase by > caching > > content > > > in SSL-ready format. > > > > > > Do any of you have any thoughts here? The first vendor is > F5 and I > > > really like the looks of their Big IP series. The second > vendor is > > > Stratacache and I really don't know much about them despite > having > > > talked to them about this. :-) > > > > > > Any tips? > > > > > > Thanks, > > > John > [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30821&t=30724 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
