APPENDIX B

Application Notes

A typical application of the SSL proxy blade is to offload SSL processing from servers. The network configurations vary depending on the application (eCommerce and Financial services), the total supported bandwidth, and the level of fault tolerance. The advantage of the SSL proxy blade platform is that it scales from low-end to very high-end applications, as it provides the fastest transaction throughput, the largest number of concurrent sessions, and the fastest data transfer in the market by a large factor. This chapter includes application notes on various aspects of including the SSL proxy blade in new and existing network infrastructures.

The SSL proxy blade platform and associated models are many times superior to any other SSL accelerator in the market in all three key figures of merit: SSL transactions per second, bulk bandwidth, and concurrent sessions.


Web Server Configuration

In a typical eCommerce or Financial Services application, the user enters a non-secured home page using HTTP. The application switches to Secure HTTP (HTTPS) only when entering the check-out/purchase page where credit card information is requested, or after logging in to the member services. The switch to HTTPS can be implemented with HTTPS links or by forcing the plain text server to redirect the client to a different secure web server in the same or a different system. The client uses HTTPS until the application switches back to the plain text server.

When the SSL proxy blade is introduced, the secure pages need to be served in clear text, because the blade now performs the SSL processing. Thus, the secure server is set up to listen on the SSL proxy blade's clear port. For example, if the SSL proxy blade clear port is set to 880, the secure server is set up to serve clear pages on port 880. The plain server does not require a configuration change.
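The arrangement described above, sketched as an added example for Apache httpd 2.4 (the manual does not name a web server, and this is not configuration from the product documentation). It serves the secure pages in clear text on clear port 880, accepts connections on that port only from the blade, and makes the server generate https:// self-referential URLs even though it never speaks SSL itself. Assumptions: all host names, paths and addresses are placeholders, the blade connects to the server from its own address (10.0.0.10), and clients reach the blade on port 443.

```apache
# --- Plain text server: no configuration change, still answers HTTP on port 80 ---
Listen 80
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot "/var/www/plain"
    # Hand the client over to the secure server at check-out.
    # secure.example.com is assumed to resolve to the SSL proxy blade.
    Redirect "/checkout" "https://secure.example.com/checkout"
</VirtualHost>

# --- Secure server: serves the secure pages in clear text on the clear port ---
# Bind only to the interface facing the blade (placeholder address), not to
# every interface, because these pages are no longer encrypted on this hop.
Listen 10.0.0.20:880
<VirtualHost 10.0.0.20:880>
    # The scheme and port in ServerName are the ones the client used towards
    # the blade. With UseCanonicalName On, redirects and other self-referential
    # URLs come out as https://secure.example.com/... instead of
    # http://secure.example.com:880/...
    ServerName https://secure.example.com:443
    UseCanonicalName On
    DocumentRoot "/var/www/secure"

    # No SSLEngine or certificate directives here: the blade does the SSL work.

    <Directory "/var/www/secure">
        # Only the blade may fetch the clear pages (assumed blade address).
        Require ip 10.0.0.10
    </Directory>
</VirtualHost>
```

If the blade is deployed so that the server sees the original client address instead of the blade's, the `Require ip` line does not apply as written and access to port 880 has to be restricted at the switch or firewall in front of the server.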

Redundant Systems

The SSL proxy blade often needs to be installed in fault-tolerant networks. A true fault-tolerant setup requires the main SSL proxy blade to fail over to another SSL proxy blade that has the same configuration. The fail over is done by the switch upstream of the two SSL proxy blade units.

Fail Over Unit Setup

The configuration of the main SSL proxy blade can be exported to a file and imported into the fail over unit. Depending on the network, the fail over unit may need a different network configuration, to be applied after the configuration transfer from the main unit.