LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

RE: SSL acceleration for a web farm

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: SSL acceleration for a web farm
From: "Peter Mueller" <pmueller@xxxxxxxxxxxx>
Date: Wed, 17 Aug 2005 13:29:18 -0700
> I have been using LVS for a small farm for a couple of years 
> now.  I am interested in adding SSL hardware acceleration to 
> my two LVS servers. It is my goal to maintain performance by 
> offloading the SSL chores, and reduce the cost of certificate 
> renewal by not applying certificates to my web servers.  
> 
> Can anyone offer advice from experience doing the same?  I am 
> using an LVS-NAT configuration currently and am happy with 
> it.  It has been suggested that I get a commercial product to 
> do this (Big-IP from F5) which I am not absolutely opposed 
> to, but if there is a good track record with adding SSL 
> hardware acceleration to LVS then I will be happy to stick 
> with what I've been using.

Intel used to make a daisy-chain network device that would do this.  A lot of
companies still add an SSL card to a few servers, e.g.
http://h18004.www1.hp.com/products/servers/security/axl600l/ or
http://www.chipsign.com/modex_7000.htm.  And then there are the accelerators
on F5s and their like.  I think the least disruptive way will be the
add-on-card to two servers and a :443 vip containing only them.

> Thanks for any comments or links which address this topic.

Hope it helps.

Regards,

P

<Prev in Thread] Current Thread [Next in Thread>