|
> I have been using LVS for a small farm for a couple of years
> now. I am interested in adding SSL hardware acceleration to
> my two LVS servers. It is my goal to maintain performance by
> offloading the SSL chores, and reduce the cost of certificate
> renewal by not applying certificates to my web servers.
>
> Can anyone offer advice from experience doing the same? I am
> using an LVS-NAT configuration currently and am happy with
> it. It has been suggested that I get a commercial product to
> do this (Big-IP from F5) which I am not absolutely opposed
> to, but if there is a good track record with adding SSL
> hardware acceleration to LVS then I will be happy to stick
> with what I've been using.
Intel used to make a daisy-chain network device that would do this. A lot of
companies still add an SSL card to a few servers, e.g.
http://h18004.www1.hp.com/products/servers/security/axl600l/ or
http://www.chipsign.com/modex_7000.htm. And then there are the accelerators
on F5s and their like. I think the least disruptive way will be the
add-on-card to two servers and a :443 vip containing only them.
> Thanks for any comments or links which address this topic.
Hope it helps.
Regards,
P
|
