Yep makes sense. I suppose it comes down to price performance comparison and
hopefully you might be able to get some more feedback from the group
regarding the particular devices you're looking at. I suppose having the
cache in the same device as the SSL accelerator may increase performance,
but this probably depends on how much it limits the flexibility of using
separate (expandable devices). I know with the Intel devices, that if you
start maxing out you can add another accelerator to spread the load. Very
easy to manage once they're installed.
Is there a danger that transaction information is cached as it is at that
point converted to http? Don't know whether there are security issues or
not? I'm getting paranoid from banking jobs.
I suppose it depends on how your application works. Is it a possibility just
to load balance across more servers to lighten load as servers tend to be
the cheap part? Possibly a stupid question, but hey, it won't be my first or
my last.
Will be good to hear how it progresses.
Gaz
John Neiberger wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
The problem we're trying to solve is this: before a user logs
into our secure site all content is cacheable. Once they've
logged in, *none* of it is cacheable because everything is
encapsulated in SSL. This puts a huge load on our servers,
trying to serve up secure version of our webpages when it
really isn't necessary.
If we offload the SSL processing to another device, this allows
us to grab all cacheable content from the cache engine while
grabbing the actual secure content from the other servers.
Does that make sense? I feel I'm not explaining it very well.
Here's an example to make it more clear. If a user isn't
logged in and they go to our maps page, they can get directions
to our different office locations. All of that content is
cacheable.
Once they've signed in and started an SSL session, everything
they do now has to be served up directly from the server. The
cache engine doesn't understand SSL and can no longer be used.
If the user now goes to that same page, the maps and directions
have to be encrypted by the server and then sent to the user.
This is a needless waste of processing power on the server. If
we offload the SSL processing to the loadbalancing switch or
the cache engine, then even users with secure sessions can get
static content from the cache engine.
HTH,
John
Get your own 800 number
Voicemail, fax, email, and a lot more
http://www.ureach.com/reg/tag
On Wed, 2 Jan 2002, Gaz ([EMAIL PROTECTED]) wrote:
Not providing many/any answers here I'm afraid - just asking
more
questions.
Is SSL that suitable for caching? I would have thought that
most SSL
traffic
would be unique (Session ID's/transaction info etc).
That's not a cocky question, I really don't know. I suppose
there will
be
static content within the SSL pages.
I've used Intel SSL accelerators which seem to perform pretty
well. We
also
do a fair bit of load balancing with Foundry Networks kit
(Server
Irons/Big
Irons) and they're pretty nippy and pretty cheap compared to
Cisco, and
have
the advantage that their CLI is very close to Cisco.
I suppose it depends what scale you're doing it on.
From what I've seen of the Cisco CSS (Arrowpoint kit) they
seem to offer
greater functionality/flexibility than Foundry, but not seen
much of
them
working in anger yet.
Be interesting to hear what Stratacache really mean by
caching content
in
SSL-ready format.
Gaz
John Neiberger wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
We are looking at buying some new load balancing switches
and new
cache
engines and somewhere in that mix we want to add SSL
acceleration.
One
vendor that we're looking at sells load balancing switches
with SSL
acceleration built-in. Of course, they really like their
way of doing
this. The other vendor has a cache engine with SSL
acceleration and
they say there is a significant performance increase by
caching
content
in SSL-ready format.
Do any of you have any thoughts here? The first vendor is
F5 and I
really like the looks of their Big IP series. The second
vendor is
Stratacache and I really don't know much about them despite
having
talked to them about this. :-)
Any tips?
Thanks,
John
[EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=30821t=30724
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]