SSL questions

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: SSL questions
From: "Chad Morland" <cmorland@xxxxxxxxx>
Date: Tue, 30 May 2006 13:35:54 -0400

This may be a little off topic for this list but I'm going to ask anyway...

I have been investigating LVS along with commercial solutions from f5 and
Cisco as a LB solution and I am trying very hard to get mgmt to go with LVS.
However one of our requirements is to be able to easily manage multiple SSL
certificates.  One of the big reasons that I want to go with LVS is that the
DR method can be dropped into place without requiring a large redesign of
our existing network infrastructure and we can migrate over incrementally;
most commercial solutions seem to use the NAT method. Ideally I'd like to
keep away from the NAT method for performance and manageability reasons.

What I am trying to achieve is to have the SSL certificates located on the
LVS machine so that when a request comes in from a client the authentication
and encryption tasks are performed on that machine. After that the traffic
will be sent in clear text to the backend servers so that I am able to use
name-based hosts. My reasoning for this is so that I do not have to do any
port mapping, I don't have to manage 100+ IP addresses (public & private)
for 50 certificates and I don't have to configure the RS in any exceptional
ways. This is similar to an SSL accelerator such as the add-on provided by
f5 or a Cisco SCA.

I know that LVS itself does not have any SSL capabilities aside from being
able to balance HTTPS traffic. So I was wondering if anyone knew of an open
source product that provided the functionality that I am speaking of?

I apologize if the terminology I've used is incorrect as I am far from an
expert in this area. Further apologies if this message is way off topic but
I figured that this is somewhat related to LVS.

