
SSL and Sticky (SA8200/SA8220 only), Grouping Services, SSL Acceleration (SA8200/SA8220 only) – HP Traffic Director sa7220 User Manual

Page 29: SSL Acceleration (SA8200/SA8220 only)


CHAPTER 2

SSL Acceleration (SA8200/SA8220 only)


SSL and Sticky (SA8200/SA8220 only)

SSL (Secure Sockets Layer, or HTTPS)-enabled services can also be
made sticky by specifying “sticky cookie” or “sticky src-ip” on the
CLI. For SSL services, sticky cookie behaves exactly as it does for
ordinary HTTP services. Source IP sticky uses the SSL session ID to
maintain server context. The server relationship will not survive
failover. As with sticky cookie, use of the session ID uniquely
identifies the client even if the request passes through a proxy server.
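
An added example, not from the HP manual and not the SA8220's implementation: a small Python model of stickiness keyed on the SSL session ID, showing two clients behind one proxy address staying on separate servers and the mapping being lost on a standby unit. `StickyUnit`, the server names and the assumption that the sticky table is not shared across failover are hypothetical; the ClientHello bytes are constructed sample input.

```python
import os
import struct

def client_hello(session_id: bytes) -> bytes:
    """Constructed sample input: a minimal TLS 1.0 ClientHello record."""
    body = (b"\x03\x01" + bytes(32)                # client_version, random
            + bytes([len(session_id)]) + session_id
            + b"\x00\x02\x00\x2f"                  # one cipher suite
            + b"\x01\x00")                         # null compression only
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

def offered_session_id(record: bytes) -> bytes:
    """Session ID a client offers for resumption; empty on a first handshake."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello record")
    n = record[43]                                 # after 5+4+2+32 header bytes
    if n > 32 or len(record) < 44 + n:
        raise ValueError("bad session_id length")
    return record[44:44 + n]

class StickyUnit:
    """Hypothetical model of one SSL-terminating unit's sticky table."""
    def __init__(self, servers):
        self.servers, self.table, self.turn = list(servers), {}, 0

    def accept(self, record: bytes):
        sid = offered_session_id(record)
        if sid not in self.table:                  # unknown or empty: new session
            sid = os.urandom(32)
            self.table[sid] = self.servers[self.turn % len(self.servers)]
            self.turn += 1
        return sid, self.table[sid]

def demo():
    primary = StickyUnit(["web1", "web2"])
    # Two clients behind one proxy IP; first handshakes offer no session ID.
    sid_a, srv_a = primary.accept(client_hello(b""))
    sid_b, srv_b = primary.accept(client_hello(b""))
    resumed = [primary.accept(client_hello(s))[1] for s in (sid_a, sid_b, sid_b)]
    standby = StickyUnit(["web1", "web2"])         # after failover: empty table
    _, after = standby.accept(client_hello(sid_b))
    return (srv_a, srv_b), resumed, after

if __name__ == "__main__":
    print(demo())
```

In the model, the second client resumes on `web2` while the primary unit holds its session ID, and lands on `web1` once a standby unit with an empty table takes over.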

Grouping Services

NOTE: RICH is required for sticky service grouping.

The SA8220's sticky capabilities can ensure that all service requests
from the same user are routed to the same server. Enabling sticky
cookie on multiple services ensures that requests from the same client
will be routed to the same fulfillment server for the duration of the
sticky relationship. Of course the server must be able to fulfill all
service requests to have a true one-to-one client-server relationship.

SSL Acceleration (SA8200/SA8220 only)

The SA8220 is a powerful addition to any web site desiring high
security levels. It was specifically created to manage secure traffic
going to and from critical applications. It handles SSL traffic into and
out of the customer's environment, as well as providing load
balancing, fault management, and error recovery.

The SA8220 includes cryptographic software features and hardware-
based acceleration. It provides up to 1200 SSL (HTTPS) connections
per second (SA8220 only), far exceeding the performance of even the
most powerful web servers on the market today.

The SA8220 allows users to offload SSL processing from their back-end
servers, and at the same time achieve full-featured traffic
management. In an SA8220 environment, all encrypted traffic—
required by e-commerce applications—is handled at the SA8220.
The interaction between the SA8220 and the servers is done in the
clear (unencrypted), allowing load balancing and session management.

SSL processing is enabled by assigning an RSA private key (RSA is a
public-key encryption algorithm invented in 1977) and an X.509 certificate
to a Layer 7 service. The SA8220 Command Line Interface (CLI)
allows you to create or import keys and certificates when you define a
service. Once the key and certificate are in place, secure HTTP
(HTTPS) requests are decrypted and passed on to the web server. The