Re: SSL Accelerators [7:30724]
John, HP SSL accelerators have been painlessly deployed at one of our sites for E-com applications. I don't know much about them but I thought you might want to know of more options. Quote from HP: "...greatly freeing up server resources and processing." http://www.hp.com/products1/servers/serverappliances/products/traffic_management_server_apps/index.html Rohm Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30889&t=30724 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: SSL Accelerators [7:30724]
Yep makes sense. I suppose it comes down to price performance comparison and hopefully you might be able to get some more feedback from the group regarding the particular devices you're looking at. I suppose having the cache in the same device as the SSL accelerator may increase performance, but this probably depends on how much it limits the flexibility of using separate (expandable devices). I know with the Intel devices, that if you start maxing out you can add another accelerator to spread the load. Very easy to manage once they're installed. Is there a danger that transaction information is cached as it is at that point converted to http? Don't know whether there are security issues or not? I'm getting paranoid from banking jobs. I suppose it depends on how your application works. Is it a possibility just to load balance across more servers to lighten load as servers tend to be the cheap part? Possibly a stupid question, but hey, it won't be my first or my last. Will be good to hear how it progresses. Gaz ""John Neiberger"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > The problem we're trying to solve is this: before a user logs > into our secure site all content is cacheable. Once they've > logged in, *none* of it is cacheable because everything is > encapsulated in SSL. This puts a huge load on our servers, > trying to serve up secure version of our webpages when it > really isn't necessary. > > If we offload the SSL processing to another device, this allows > us to grab all cacheable content from the cache engine while > grabbing the actual secure content from the other servers. > > Does that make sense? I feel I'm not explaining it very well. > > Here's an example to make it more clear. If a user isn't > logged in and they go to our maps page, they can get directions > to our different office locations. All of that content is > cacheable. > > Once they've signed in and started an SSL session, everything > they do now has to be served up directly from the server. The > cache engine doesn't understand SSL and can no longer be used. > If the user now goes to that same page, the maps and directions > have to be encrypted by the server and then sent to the user. > > This is a needless waste of processing power on the server. If > we offload the SSL processing to the loadbalancing switch or > the cache engine, then even users with secure sessions can get > static content from the cache engine. > > HTH, > John > > > > Get your own "800" number > Voicemail, fax, email, and a lot more > http://www.ureach.com/reg/tag > > > On Wed, 2 Jan 2002, Gaz ([EMAIL PROTECTED]) wrote: > > > Not providing many/any answers here I'm afraid - just asking > more > > questions. > > Is SSL that suitable for caching? I would have thought that > most SSL > > traffic > > would be unique (Session ID's/transaction info etc). > > That's not a cocky question, I really don't know. I suppose > there will > > be > > static content within the SSL pages. > > > > I've used Intel SSL accelerators which seem to perform pretty > well. We > > also > > do a fair bit of load balancing with Foundry Networks kit > (Server > > Irons/Big > > Irons) and they're pretty nippy and pretty cheap compared to > Cisco, and > > have > > the advantage that their CLI is very close to Cisco. > > I suppose it depends what scale you're doing it on. > > > > From what I've seen of the Cisco CSS (Arrowpoint kit) they > seem to offer > > greater functionality/flexibility than Foundry, but not seen > much of > > them > > working in anger yet. > > > > Be interesting to hear what Stratacache really mean by > caching content > > in > > SSL-ready format. > > > > > > Gaz > > > > ""John Neiberger"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > We are looking at buying some new load balancing switches > and new > > cache > > > engines and somewhere in that mix we want to add SSL > acceleration. > > One > > > vendor that we're looking at sells load balancing switches > with SSL > > > acceleration built-in. Of course, they really like their > way of doing > > > this. The other vendor has a cache engine with SSL > acceleration and > > > they say there is a significant performance increase by > caching > > content > > > in SSL-ready format. > > > > > > Do any of you have any thoughts here? The first vendor is > F5 and I > > > really like the looks of their Big IP series. The second > vendor is > > > Stratacache and I really don't know much about them despite > having > > > talked to them about this. :-) > > > > > > Any tips? > > > > > > Thanks, > > > John > [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30821&t=30724 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: SSL Accelerators [7:30724]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We have used the Big IP load balancers from F5we looked at alteon and radware...these things blew them away. Highly recommended and the support is second to none. - -Original Message- From: matt shiite [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 02, 2002 4:44 PM To: [EMAIL PROTECTED] Subject: Re: SSL Accelerators [7:30724] Personnally I have used the Alteon series loadbalancers with their ISD ssl accelerator. I can't complain...they have worked like a champ. Just another option for ya :) ms - --- Gaz wrote: > Not providing many/any answers here I'm afraid - > just asking more questions. > Is SSL that suitable for caching? I would have > thought that most SSL traffic > would be unique (Session ID's/transaction info etc). > That's not a cocky question, I really don't know. I > suppose there will be > static content within the SSL pages. > > I've used Intel SSL accelerators which seem to > perform pretty well. We also > do a fair bit of load balancing with Foundry > Networks kit (Server Irons/Big > Irons) and they're pretty nippy and pretty cheap > compared to Cisco, and have > the advantage that their CLI is very close to Cisco. > I suppose it depends what scale you're doing it on. > > From what I've seen of the Cisco CSS (Arrowpoint > kit) they seem to offer > greater functionality/flexibility than Foundry, but > not seen much of them > working in anger yet. > > Be interesting to hear what Stratacache really mean > by caching content in > SSL-ready format. > > > Gaz > > ""John Neiberger"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > We are looking at buying some new load balancing > switches and new cache > > engines and somewhere in that mix we want to add > SSL acceleration. One > > vendor that we're looking at sells load balancing > switches with SSL > > acceleration built-in. Of course, they really > like their way of doing > > this. The other vendor has a cache engine with > SSL acceleration and > > they say there is a significant performance > increase by caching content > > in SSL-ready format. > > > > Do any of you have any thoughts here? The first > vendor is F5 and I > > really like the looks of their Big IP series. The > second vendor is > > Stratacache and I really don't know much about > them despite having > > talked to them about this. :-) > > > > Any tips? > > > > Thanks, > > John [EMAIL PROTECTED] __ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use iQA/AwUBPDSNepjWtn+JGXXMEQLZKQCg+3TOggr5jPHDkiiIUNA432QyXuEAn0q+ 3h+AjGl07oBaBEd50z9qYxqR =Go/H -END PGP SIGNATURE- Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30797&t=30724 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Re: SSL Accelerators [7:30724]
The problem we're trying to solve is this: before a user logs into our secure site all content is cacheable. Once they've logged in, *none* of it is cacheable because everything is encapsulated in SSL. This puts a huge load on our servers, trying to serve up secure version of our webpages when it really isn't necessary. If we offload the SSL processing to another device, this allows us to grab all cacheable content from the cache engine while grabbing the actual secure content from the other servers. Does that make sense? I feel I'm not explaining it very well. Here's an example to make it more clear. If a user isn't logged in and they go to our maps page, they can get directions to our different office locations. All of that content is cacheable. Once they've signed in and started an SSL session, everything they do now has to be served up directly from the server. The cache engine doesn't understand SSL and can no longer be used. If the user now goes to that same page, the maps and directions have to be encrypted by the server and then sent to the user. This is a needless waste of processing power on the server. If we offload the SSL processing to the loadbalancing switch or the cache engine, then even users with secure sessions can get static content from the cache engine. HTH, John Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag On Wed, 2 Jan 2002, Gaz ([EMAIL PROTECTED]) wrote: > Not providing many/any answers here I'm afraid - just asking more > questions. > Is SSL that suitable for caching? I would have thought that most SSL > traffic > would be unique (Session ID's/transaction info etc). > That's not a cocky question, I really don't know. I suppose there will > be > static content within the SSL pages. > > I've used Intel SSL accelerators which seem to perform pretty well. We > also > do a fair bit of load balancing with Foundry Networks kit (Server > Irons/Big > Irons) and they're pretty nippy and pretty cheap compared to Cisco, and > have > the advantage that their CLI is very close to Cisco. > I suppose it depends what scale you're doing it on. > > From what I've seen of the Cisco CSS (Arrowpoint kit) they seem to offer > greater functionality/flexibility than Foundry, but not seen much of > them > working in anger yet. > > Be interesting to hear what Stratacache really mean by caching content > in > SSL-ready format. > > > Gaz > > ""John Neiberger"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > We are looking at buying some new load balancing switches and new > cache > > engines and somewhere in that mix we want to add SSL acceleration. > One > > vendor that we're looking at sells load balancing switches with SSL > > acceleration built-in. Of course, they really like their way of doing > > this. The other vendor has a cache engine with SSL acceleration and > > they say there is a significant performance increase by caching > content > > in SSL-ready format. > > > > Do any of you have any thoughts here? The first vendor is F5 and I > > really like the looks of their Big IP series. The second vendor is > > Stratacache and I really don't know much about them despite having > > talked to them about this. :-) > > > > Any tips? > > > > Thanks, > > John [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30755&t=30724 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: SSL Accelerators [7:30724]
tell you what the f5 bigip still works very nice... -Original Message- From: matt shiite [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 02, 2002 07:44 PM To: [EMAIL PROTECTED] Subject: Re: SSL Accelerators [7:30724] Personnally I have used the Alteon series loadbalancers with their ISD ssl accelerator. I can't complain...they have worked like a champ. Just another option for ya :) ms --- Gaz wrote: > Not providing many/any answers here I'm afraid - > just asking more questions. > Is SSL that suitable for caching? I would have > thought that most SSL traffic > would be unique (Session ID's/transaction info etc). > That's not a cocky question, I really don't know. I > suppose there will be > static content within the SSL pages. > > I've used Intel SSL accelerators which seem to > perform pretty well. We also > do a fair bit of load balancing with Foundry > Networks kit (Server Irons/Big > Irons) and they're pretty nippy and pretty cheap > compared to Cisco, and have > the advantage that their CLI is very close to Cisco. > I suppose it depends what scale you're doing it on. > > From what I've seen of the Cisco CSS (Arrowpoint > kit) they seem to offer > greater functionality/flexibility than Foundry, but > not seen much of them > working in anger yet. > > Be interesting to hear what Stratacache really mean > by caching content in > SSL-ready format. > > > Gaz > > ""John Neiberger"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > We are looking at buying some new load balancing > switches and new cache > > engines and somewhere in that mix we want to add > SSL acceleration. One > > vendor that we're looking at sells load balancing > switches with SSL > > acceleration built-in. Of course, they really > like their way of doing > > this. The other vendor has a cache engine with > SSL acceleration and > > they say there is a significant performance > increase by caching content > > in SSL-ready format. > > > > Do any of you have any thoughts here? The first > vendor is F5 and I > > really like the looks of their Big IP series. The > second vendor is > > Stratacache and I really don't know much about > them despite having > > talked to them about this. :-) > > > > Any tips? > > > > Thanks, > > John [EMAIL PROTECTED] __ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30741&t=30724 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: SSL Accelerators [7:30724]
Personnally I have used the Alteon series loadbalancers with their ISD ssl accelerator. I can't complain...they have worked like a champ. Just another option for ya :) ms --- Gaz wrote: > Not providing many/any answers here I'm afraid - > just asking more questions. > Is SSL that suitable for caching? I would have > thought that most SSL traffic > would be unique (Session ID's/transaction info etc). > That's not a cocky question, I really don't know. I > suppose there will be > static content within the SSL pages. > > I've used Intel SSL accelerators which seem to > perform pretty well. We also > do a fair bit of load balancing with Foundry > Networks kit (Server Irons/Big > Irons) and they're pretty nippy and pretty cheap > compared to Cisco, and have > the advantage that their CLI is very close to Cisco. > I suppose it depends what scale you're doing it on. > > From what I've seen of the Cisco CSS (Arrowpoint > kit) they seem to offer > greater functionality/flexibility than Foundry, but > not seen much of them > working in anger yet. > > Be interesting to hear what Stratacache really mean > by caching content in > SSL-ready format. > > > Gaz > > ""John Neiberger"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > We are looking at buying some new load balancing > switches and new cache > > engines and somewhere in that mix we want to add > SSL acceleration. One > > vendor that we're looking at sells load balancing > switches with SSL > > acceleration built-in. Of course, they really > like their way of doing > > this. The other vendor has a cache engine with > SSL acceleration and > > they say there is a significant performance > increase by caching content > > in SSL-ready format. > > > > Do any of you have any thoughts here? The first > vendor is F5 and I > > really like the looks of their Big IP series. The > second vendor is > > Stratacache and I really don't know much about > them despite having > > talked to them about this. :-) > > > > Any tips? > > > > Thanks, > > John [EMAIL PROTECTED] __ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30737&t=30724 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: SSL Accelerators [7:30724]
Not providing many/any answers here I'm afraid - just asking more questions. Is SSL that suitable for caching? I would have thought that most SSL traffic would be unique (Session ID's/transaction info etc). That's not a cocky question, I really don't know. I suppose there will be static content within the SSL pages. I've used Intel SSL accelerators which seem to perform pretty well. We also do a fair bit of load balancing with Foundry Networks kit (Server Irons/Big Irons) and they're pretty nippy and pretty cheap compared to Cisco, and have the advantage that their CLI is very close to Cisco. I suppose it depends what scale you're doing it on. >From what I've seen of the Cisco CSS (Arrowpoint kit) they seem to offer greater functionality/flexibility than Foundry, but not seen much of them working in anger yet. Be interesting to hear what Stratacache really mean by caching content in SSL-ready format. Gaz ""John Neiberger"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > We are looking at buying some new load balancing switches and new cache > engines and somewhere in that mix we want to add SSL acceleration. One > vendor that we're looking at sells load balancing switches with SSL > acceleration built-in. Of course, they really like their way of doing > this. The other vendor has a cache engine with SSL acceleration and > they say there is a significant performance increase by caching content > in SSL-ready format. > > Do any of you have any thoughts here? The first vendor is F5 and I > really like the looks of their Big IP series. The second vendor is > Stratacache and I really don't know much about them despite having > talked to them about this. :-) > > Any tips? > > Thanks, > John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=30733&t=30724 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]