By: Shibu Paul, Regional Sales Director – India, ME and SEA, Array Networks
With the improvements in computing technologies, enterprises are constantly facing issues of data security. Data center designs, as well as the delivery mechanisms for resources and applications are constantly evolving with the shift to cloud.
Organizations are under increasing pressure to implement a good encryption solution or strategy to secure the connection between a server and client. In order to consolidate resources and enable rapid scaling, data centers often deploy a virtualized infrastructure including virtualized servers, firewalls, and application delivery controllers (ADCs).
The shift brought by cloud computing has also changed the way that business-critical information is shared and used – it is no longer confined to the traditional IT environment. SSL/TLS data encryption is frequently employed to secure mission-critical and sensitive data across the Internet. Traditionally, enterprises have always secured their data from theft and attacks by padlocking it behind a corporate boundary. But this would result in performance degradation, as the ADC will be exploited in the enterprises. Adding multiple vAPV virtual ADC appliances can help scale up SSL/TLS performance, but this invariably increases the cost and setup complexity. Today, a dedicated model for SSL/TLS offloading works best, considering the solutions currently available.
Problems with Traditional SSL Offloading
The norm is to opt for SSL offloading, which enables enterprises to handle data encryption and secure transmission of data across remote areas. SSL/TLS data encryption has become the existing standard for securing data in transit. Cloud-based virtual ADC appliances support software-based SSL/TLS data encryption by leveraging the host CPU’s resources. In many cases, those resources provide enough performance and throughput via enhancements. However, data processing activities usually slow down the performance. Encryption typically degrades the performance of enterprises as it requires a huge amount of processing when the data is transmitted over the web.
SSL/TLS performance can be assured in a virtual environment by a hybrid virtual/dedicated ADC model. This not only benefits the enterprises, but also enhances the performance within a virtual environment. This model combines the economies and flexibility by offering the combined performance and throughput of many ADC appliances on one virtual ADC appliance. SSL/TLS offloading in a virtualized environment presents several hurdles, such as lower/reduced performance compared to hardware-based ADC, scaling, etc. Sure, you can throw more virtual ADCs into the mix, but it will add both cost and setup/management complexity to the equation.
How This Model Works
SSL offloading works by handling compute-intensive SSL functions for servers – such as key exchange, bulk encryption and client certificate management. It’s ideal for scaling SaaS and e-commerce environments, as well as business-critical applications for healthcare, financial services and other industries.
SSL offloading to the dedicated ADCs can reduce the burden on servers and improve application performance. In a virtualized environment, the performance and scaling of SSL/TLS processing can be assured through a hybrid virtual/dedicated ADC model. With this model, processing can be offloaded from both the servers and the virtual ADC appliances, whereas application capacity and availability can also be increased by supporting more SSL/TLS secure connections than otherwise could be processed. Moreover, enterprises can achieve a quality performance from a dedicated model for SSL/TLS offloading.
Benefits of a Hybrid Virtual/Dedicated Model
When you need to ensure SSL/TLS performance through SSL offloading, and scaling is also a concern, consider a hybrid virtual/dedicated model. In virtualized environments, SSL/TLS data encryption is commonly used to secure mission-critical and sensitive data as it transits to remote users and shared networks.
By offloading SSL functions to dedicated application delivery controllers, a significant burden is lifted from Web and application servers. As a result, server efficiency and application performance are greatly improved. By removing the overhead of SSL processing from Web and application servers, those resources can now operate at greater efficiency and with much higher performance. Application and Web response times are reduced, resulting in improved end-user experience. Thus, SSL offloading to the dedicated ADCs can lessen the burden on servers and improve application performance.
This offloading model improves performance, supports scaling and enhances application security. It can accelerate secured applications by reducing the time-delays for key exchange, encryption/decryption and other functions. A dedicated model for SSL/TLS offloading can encrypt and decrypt data at better speeds than a back-end server, ensuring improved performance. In addition, it improves scaling capability by performing redundancy and application health check to increase application availability as it offers a simple means of scaling up secured application capacity and availability through SSL offloading.
It also offers multi-layered network security, with a device or service placed between a client and a server in a network infrastructure, which can enhance application security. A hybrid virtual/dedicated model combines the flexibility and low cost of virtual ADCs with the raw horsepower of a dedicated appliance – which can support up to 4 million SSL/TLS connections/sections and up to 25 Gbps encrypted data throughput per unit.