Internet users today are much more alert about web security than just a few years ago; secured traffic exchange via encrypted http traffic is becoming the standard now for web sites and applications.
Encrypting and decrypting network traffic is a very CPU-intensive task for servers. The initial session setup in particular, demands the most of a CPU. The general purpose CPUs of server hardware will take a significant hit when a website migrates towards 2048-bit or higher SSL keys. When upgrading from 1024-bit to 2048-bit keys, the CPU usage typically increases 4–7 times. For 4096-bit keys, server CPUs are bound to reach their limits at typical volumes. The industry is quickly upgrading to 2048-bit keys; the minimum key length changed from 1024 to 2048-bit. Certificate Authorities (CAs) no longer provide certificates with key lengths smaller than 2048-bit.
The A10 ADCs have dedicated, powerful hardware for managing secured traffic and high-volume traffic peaks that enable the A10 ADC to handle many Connections per Second (CPS). It is also possible that new customers in a web hosting environment may suddenly demand SSL certificates with 4096-bit keys. The ADC must be highly flexible to meet such demands effectively.
The administration of certificates can be a daunting task, when many servers use a separate certificate. Moving the SSL termination point to the A10 ADC's greatly reduces operational cost for time spent managing certificates and reduces human operational errors. More importantly, the backend servers are relieved from the CPU-intensive tasks of encrypting and decrypting, and setting up the secured network connections, significantly reducing server hardware demands and subsequently reducing the number of servers needed for the application.
Thunder and AX Series ADCs with dedicated SSL hardware acceleration
The Thunder and AX Series appliances are powered by the 64-bit ACOS operating system, which provides linear scalability and is designed to get the maximum performance levels from the application and traffic acceleration hardware. All models have powerful CPUs and support the SSL Offload feature, but select models are available with a range of high-performance, multi-chip SSL acceleration cards that are exceptionally well suited for environments with growing SSL needs.
The new SSL acceleration hardware for the A10 ADCs provide near-parity performance for the upgrade to 2048-bit key lengths, and has the extreme power needed to handle 4096-bit keys at high quality production levels.
4096-bit SSL Performance
For environments where higher encryption standards are required, the A10 ADCs prove to be the right solution. Even when upgrading to 4096-bit keys, the SSL hardware acceleration cards provide unprecedented performance, making 4096-bit keys viable and cost effective for production use.