the 90% number depends highly on what sort of content you're serving out - if you're serving mainly static content, then yes, you would expect to see that all of your cpu work is being done on the encryption / decryption of the ssl - no matter anything else, it is simply a number crunching job. the 7110 is very easy to set up, but in using them, I would make sure that you have database and any nfs traffic going through a separate NIC - keep the traffic coming through it to just the incoming and outgoing web traffic. I've only used them shortly, but have been very happy with their performance - even on a box (2*pIII 500, .5G RAM) that wasn't seeing much load and cpu was always low, the simple acceleration in the speed of encryption / decryption boosted the rate we were serving at by about 40% on dynamic content, which simply amazed me. In terms of setting up apache, my recommendation is just to keep your secure server (modssl, I'll assume), and put in an additional virtualhost on another port with SSLEngine Off in it, but otherwise same configuration as you secure one. You can then configure the 7110 to pass the decrypted traffic off to that port, but if it gets overloaded for whatever reason, you can have it simply spill through and let modssl pick up the work. These boxes were originally made by iPivot, who was then bought out by intel. I believe the boxes are based upon the rainbow ssl accelerator cards. I haven't actually tried the 7180's, so no comments there. Hope that helps - Jody Biggs -----Original Message----- From: Dan Browning [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 20, 2000 10:32 AM To: [EMAIL PROTECTED] Subject: Anyone have any comments on SSL Accelerators? I'm thinking about getting an SSL Accelerator. Intel has one that intercepts packets in-between your web server(s) and net connection. Then it does the encryption/decryption required and passes the traffic along to the web server(s). It's called the NetStructure(TM) 7110 e-Commerce Accelerator and the NetStructure(TM) 7180 e-Commerce Director. I've included an HTML for ref. Has anyone had any experience with these or other accelerators? Intel says that 90% of cpu util can be SSL (sounds fishy to me). I would just be interested in any comments you might have. Thanks, Dan Browning Network & Database Administrator Cyclone Computer Systems ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
