RE: SSL acceleration for a web farm

To: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: SSL acceleration for a web farm
From: "Timothy Arnold" <tim@xxxxxxxxxxxxxxxxx>
Date: Wed, 17 Aug 2005 22:34:49 +0100 (BST)

> Intel used to make a daisy-chain network device that would do this.  A lot
> of
> companies still add an SSL card to a few servers, e.g.
> or
>  And then there are the
> accelerators
> on F5s and their like.  I think the least disruptive way will be the
> add-on-card to two servers and a :443 vip containing only them.

I haven't tried this with LVS - but I see no reason why this wouldn't
work. You could use a secure content accelerator like the Cisco SCA1/SCA2.
These could sit between your client and LVS (transparently) or you could
create a server farm of SCAs for high availablity. This means that your
web servers would see the requests unencryted (still secured though) so
this means they wouldn't take a performance hit.

Just my $0.02

<Prev in Thread] Current Thread [Next in Thread>