Encryption, in the form of Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), is the key to ensuring the security and integrity of internet communications. The problem with encryption is that encrypting and decrypting data requires a considerable investment of processor cycles for each connection.
Another consequence of encryption is that, because encrypted communications are private, payloads such as malware and undesirable content cannot be detected “in flight.” But having every server decrypt and examine every request it receives, and then encrypt its responses, involves significant processing and management overhead.
The answer to these issues is SSL offloading: the use of a solution that acts as a gateway and can use specialized hardware to accelerate SSL encryption and SSL decryption. The gateway system, typically called an application delivery controller (ADC) and typically also providing load balancing, becomes the front end for a server or cluster of servers.
For example, when a client initiates an encrypted data exchange, the ADC manages the setup of the SSL session and decrypts the incoming client communications; when the server responds, the ADC encrypts the outgoing replies. Because application delivery controllers are optimized to handle encryption and decryption as fast as possible, offloading decreases network latency as well as reducing server processing loads.
Offloading the SSL processing overhead from the servers is the primary goal of using application delivery controllers, but they can also inspect communications for security threats such as malware and phishing, and prevent the transmission of sensitive data such as credit card or Social Security numbers.
Two of the most common types of SSL offloading are:
In both cases, the application delivery controller can inspect and filter communications. The value of SSL bridging is that it allows for communications on untrusted internal networks; while it doesn’t reduce the encryption/decryption overhead on the servers, it does remove the inspection and filtering overheads.
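The difference between plain offload and SSL bridging shows up in how the gateway talks to the backend. The following configuration is an added illustration, not A10 Thunder configuration and not part of the original page: it uses nginx as a stand-in gateway, and every hostname, address and file path in it is a constructed placeholder.

```nginx
events {}

http {
    # Constructed backend addresses (assumptions for this example).
    upstream app_cleartext { server 10.0.0.11:8080; }
    upstream app_tls       { server 10.0.0.12:8443; }

    # Offload: TLS ends at the gateway, the backend receives plain HTTP.
    # Traffic on the internal hop is unencrypted, so this only suits a
    # trusted network segment.
    server {
        listen 443 ssl;
        server_name offload.example.test;
        ssl_certificate     /etc/nginx/tls/gateway.crt;
        ssl_certificate_key /etc/nginx/tls/gateway.key;
        ssl_protocols       TLSv1.2 TLSv1.3;

        location / {
            proxy_set_header Host $host;
            # Tell the application the client connection was HTTPS.
            proxy_set_header X-Forwarded-Proto https;
            proxy_pass http://app_cleartext;
        }
    }

    # Bridging: the gateway decrypts (so it can inspect and filter),
    # then re-encrypts on a second TLS session to the backend.
    server {
        listen 443 ssl;
        server_name bridge.example.test;
        ssl_certificate     /etc/nginx/tls/gateway.crt;
        ssl_certificate_key /etc/nginx/tls/gateway.key;
        ssl_protocols       TLSv1.2 TLSv1.3;

        location / {
            proxy_set_header Host $host;
            proxy_pass https://app_tls;
            # proxy_ssl_verify defaults to off: without these lines the
            # internal hop is encrypted but the backend is not authenticated.
            proxy_ssl_verify              on;
            proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.crt;
            proxy_ssl_server_name         on;
            proxy_ssl_name                app.internal.example.test;
            proxy_ssl_protocols           TLSv1.2 TLSv1.3;
        }
    }
}
```

In the bridging block the backend still performs its own TLS handshake and decryption, which is why bridging does not reduce the servers' encryption overhead.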
A10 Networks’ Thunder® Application Delivery Controller (ADC) is available in both hardware and software form factors; select hardware platforms also offer advanced security processors for dedicated SSL offload functions. As well as SSL offloading, our cost-effective and industry-leading products also provide deep packet inspection, filtering, load balancing, and traffic shaping.