SSL/TLS Acceleration and Offload
- Hardware acceleration for unprecedented SSL/TLS performance, 2048-bit or 4096-bit keys
- Decrease server utilization
- Centralized certificate management
- Wide choice of AX Series models
Internet users today are much more alert about web security than just a few years ago; secured traffic exchange is becoming the standard now for web sites and applications.
Encrypting and decrypting network traffic is a very CPU-intensive task. The initial session setup in particular, demands the most of a CPU. The general purpose CPUs of server hardware will take a significant hit when a website migrates towards 2048-bit or higher SSL keys. When upgrading from 1024-bit to 2048-bit keys, the CPU usage typically increases 4–7 times. For 4096-bit keys, server CPUs are bound to reach their limits at typical volumes. The industry is quickly upgrading to 2048-bit keys; the minimum key length changed from 1024 to 2048-bit. Certificate Authorities (CAs) no longer provide certificates with key lengths smaller than 2048-bit.
The administration of certificates can be a daunting task, when many servers use a separate certificate. Moving the SSL termination point to the AX Series Application Delivery Controller greatly reduces operational cost for time spent managing certificates and reduces human operational errors. More importantly, the backend servers are relieved from the CPU-intensive tasks of encrypting and decrypting, and setting up the secured network connections, significantly reducing server hardware demands and subsequently reducing the number of servers needed for the application.
The AX Series has dedicated, powerful hardware for managing secured traffic and high-volume traffic peaks that enable the AX device to handle many Connections per Second (CPS). It is also possible that new customers in a web hosting environment may suddenly demand SSL certificates with 4096-bit keys. The ADC must be highly flexible to meet such demands effectively.
AX Series with dedicated SSL hardware acceleration
The AX Series appliances are powered by the 64-bit ACOS operating system, which provides linear scalability and is designed to get the maximum performance levels from the application and traffic acceleration hardware. All models have powerful CPUs and support the SSL Offload feature, but select models are available with a range of high-performance, multi-chip SSL acceleration cards that are exceptionally well suited for environments with growing SSL needs.
The new SSL acceleration hardware for the AX Series provides near-parity performance for the upgrade to 2048-bit key lengths, and has the extreme power needed to handle 4096-bit keys at high quality production levels.
4096-bit SSL Performance
For environments where higher encryption standards are required, the AX Series proves to be the right solution. Even when upgrading to 4096-bit keys, the SSL hardware acceleration cards provide unprecedented performance, making 4096-bit keys viable and cost effective for production use.