4.11.3 Using an SSL accelerator to process encrypted communication
This subsection describes how to use an SSL accelerator to process encrypted communication.
- Organization of this subsection
(1) The purpose of using an SSL accelerator
When considering security threats, one way to prevent leakage of application communication to third parties and alteration of such communication is the use of communication encryption. Using HTTPS for communication is one method of encryption. However, TLS/SSL-based communication, on which HTTPS is based, incurs a very high load.
An SSL accelerator is a piece of hardware dedicated to implementing HTTPS-encrypted communication processing without placing a load on the Web or application server. The correct deployment of an SSL accelerator will help accelerate encrypted communication without placing a load the Web or application server.
(2) Deploying an SSL accelerator
The following figure shows a configuration example using an SSL accelerator.
|
|
![[Figure]](GRAPHICS/ZU050700.GIF)
Communications sent by the Web client over HTTPS are decrypted by the SSL accelerator, and then passed on to the Web or application server over HTTP. Communications sent by the Web or application server over HTTP are encrypted by the SSL accelerator, and then passed on to the Web client.
When deploying an SSL accelerator, consider the following points:
-
An SSL accelerator can be used as a firewall. In such a case, treat the SSL accelerator as part of your Web or application server.