- About Us
- Products
- Solutions
- Support
- Partners
- Resources
- News & Events
- Language
- How To Buy
A10 Thunder & AX Series- Home
- Products
- Thunder & AX Series
- SSL/TLS Acceleration and Offload
Resources
Solution Brief: SSL Intercept: Securing Encrypted Traffic
Case Study: SapientNitro Increases Value with SSL Offload
Deployment Guide: AX Series for Palo Alto Networks SSL Intercept and Firewall Load Balancing
White Paper: High Performance, High Capacity 2048/4096-bit SSL Offload
Video: 64-bit AX Series and ACOS
SSL/TLS Acceleration and Offload
- Hardware acceleration for unprecedented SSL/TLS performance, 2048-bit or 4096-bit keys
- Decrease server utilization
- Centralized certificate management
- Wide choice of AX Series models
Internet users today are much more alert about web security than just a few years ago; secured traffic exchange is becoming the standard now for web sites and applications.
Encrypting and decrypting network traffic is a very CPU-intensive task. The initial session setup in particular, demands the most of a CPU. The general purpose CPUs of server hardware will take a significant hit when a website migrates towards 2048-bit or higher SSL keys. When upgrading from 1024-bit to 2048-bit keys, the CPU usage typically increases 4–7 times. For 4096-bit keys, server CPUs are bound to reach their limits at typical volumes. The industry is quickly upgrading to 2048-bit keys; the minimum key length changed from 1024 to 2048-bit. Certificate Authorities (CAs) no longer provide certificates with key lengths smaller than 2048-bit.
The administration of certificates can be a daunting task, when many servers use a separate certificate. Moving the SSL termination point to the AX Series Application Delivery Controller greatly reduces operational cost for time spent managing certificates and reduces human operational errors. More importantly, the backend servers are relieved from the CPU-intensive tasks of encrypting and decrypting, and setting up the secured network connections, significantly reducing server hardware demands and subsequently reducing the number of servers needed for the application.
The AX Series has dedicated, powerful hardware for managing secured traffic and high-volume traffic peaks that enable the AX device to handle many Connections per Second (CPS). It is also possible that new customers in a web hosting environment may suddenly demand SSL certificates with 4096-bit keys. The ADC must be highly flexible to meet such demands effectively.
AX Series with dedicated SSL hardware acceleration
The AX Series appliances are powered by the 64-bit ACOS operating system, which provides linear scalability and is designed to get the maximum performance levels from the application and traffic acceleration hardware. All models have powerful CPUs and support the SSL Offload feature, but select models are available with a range of high-performance, multi-chip SSL acceleration cards that are exceptionally well suited for environments with growing SSL needs. Please refer to the AX Series models datasheets and model specifications.
The new SSL acceleration hardware for the AX Series provides near-parity performance for the upgrade to 2048-bit key lengths, and has the extreme power needed to handle 4096-bit keys at high quality production levels.
|
|
|
4096-bit SSL Performance
For environments where higher encryption standards are required, the AX Series proves to be the right solution. Even when upgrading to 4096-bit keys, the SSL hardware acceleration cards provide unprecedented performance, making 4096-bit keys viable and cost effective for production use. Please refer to the SSL Offload White Paper to find out how the increasing trend of SSL usage impacts server environments, and how the AX Series with SSL hardware acceleration solves SSL related problems; now and well into the future. The new SSL Intercept ACOS feature also leverages the new AX Series SSL hardware. |