>> Better to let the real servers handle the SSL... you
>> can always add more real servers if SSL processing
>> bogs them down by some fraction.
> I agree. And arguments that I have heard to the contrary
> are usually tedious at best. SSL is probably the
> most expensive thing that your cluster needs to do.
> Thus distributing amongst the real servers makes the most sense
> as you can scale that by just adding new machines.
If I wanted to use a hardware SSL decrypting device such as a card in my
LVS-director boxes, how could I set this up in LVS? I see no problem
getting 443 to decrypt, but how do people then forward this traffic to the
real server boxes? I like the idea of saving 20-30+ Thawte bills a month
AND offloading a whole bunch of CPU for the one-time cost of $500/card.