> > If I wanted to use a hardware SSL decrypting device such as a card in my
> > LVS-director boxes, how could I set this up in LVS? I see no problem
> > getting 443 to decrypt, but how do people then forward this traffic to the
> > real server boxes? I like the idea of saving 20-30+ Thawte bills a month
> > AND offloading a whole bunch of CPU for the one time cost of $500/card..

I might be missing something, but how would a SSL accel. card save you
certificate costs? You still have to buy a certificate per domain
(minimum). The only thing a SSL accel card would do is offload SSL
processing to a dedicated card, freeing up some processor power for other
things.

The SSL card would be a good upgrade for an over-taxed machine that needs to
hang around a little longer, but for ~$1200 (or less if you don't need
rackmount), you can get a whole system that will not only offload some of
the processing requirements, but it will add reliability to the cluster as
well.

> On the other hand, surely there is someone who isn't
> committing highway robbery to provide certificates.

It's a chicken and the egg sort of problem. You have to use a CA that is in
your users' browsers to avoid warnings from popping up, and all of the CA
certs that come with browsers charge outrageous fees. There are a couple of
places that can sign certificates on the cheap, but you have to import their
certificate into your browser.
-Jacob
Listingbook.com