|
> > I might be missing something, but how would a SSL accel. card
> > save you certificate costs? You still have to buy a
> > certificate per domain (minimum). The only thing a SSL accel
> > card would do is offload SSL processing to a dedicated card,
> > freeing up some processor power for other things.
>
> Currently we have SSL-certificates per real server.
Why? You only need a certificate per domain. You should be able to copy it
to as many servers as you want. I had a SSL IPs load balanced using LVS-TUN
with two computers, using the same certificate, and nothing complained about
the certificate.
>
> > The SSL card would be a good upgrade for an over-taxed
> > machine that needs to hang around a little longer, but for
> > ~$1200 (or less if you don't need rackmount), you can get a
> > whole system that will not only offload some of the
> > processing requirements, but it will add reliability to the
> > cluster as well.
>
> I look at it as a way of extending the capabilities of 20-30 machines by
> two-fold -- for cheap. Too bad a solution like Intel's bridge/passthrough
> SSL-decrypter doesn't exist anymore.
>
> Sigh.
Ahh, that makes more sense.
-Jacob
Listingbook.com
|
