Secure sockets layer (SSL) is a popular method for encrypting data that is transferred over the Internet. SSL acceleration is a method of offloading the processor-intensive public key encryption algorithms involved in SSL transactions to a hardware accelerator. Typically, this is a separate card in an appliance that contains a co-processor able to handle most of the SSL processing.
Although it uses faster symmetric encryption for confidentiality, SSL still causes a performance slowdown. That is because there is more to SSL than the data encryption. The “handshake” process, whereby the server (and sometimes the client) is authenticated, uses digital certificates based on asymmetric or public key encryption technology. Public key encryption is very secure, but also very processor-intensive and thus has a significant negative impact on performance. The method used to address the SSL performance problem is the hardware accelerator. An intelligent card that plugs into a PCI slot or SCSI port does the SSL processing, relieving the load on the Web server’s main processor.
Connection multiplexing
Connection multiplexing works by taking advantage of a feature in HTTP/1.1 that allows multiple HTTP requests to be made over the same TCP connection. So instead of passing each HTTP connection from the client to the server in a one-to-one manner, the appliance combines many separate HTTP requests from clients into relatively few HTTP connections to the server. This keeps the connections to the server open across multiple requests, thus eliminating the high turnover that is typically encountered on high-volume Web sites. The ultimate result is that the same servers deliver higher performance without any changes or improvements to the server infrastructure.
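The effect described above can be measured with a small added example, which is not part of the original article: a stand-in for the appliance forwards many client requests over a fixed pool of persistent HTTP/1.1 connections while the backend counts how many TCP connections it actually accepts. The backend class, the `run_demo` helper and the request paths are constructed for this demonstration, and a loop stands in for the separate client connections a real appliance would serve.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

class CountingBackend(BaseHTTPRequestHandler):
    """Constructed backend that counts TCP connections and HTTP requests."""
    protocol_version = "HTTP/1.1"  # allows persistent (keep-alive) connections
    tcp_connections = 0
    http_requests = 0
    lock = threading.Lock()

    def setup(self):  # runs once per accepted TCP connection
        super().setup()
        with self.lock:
            CountingBackend.tcp_connections += 1

    def do_GET(self):  # runs once per HTTP request
        with self.lock:
            CountingBackend.http_requests += 1
        body = self.path.encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def run_demo(client_requests=20, pool_size=2):
    """Forward client_requests GETs over pool_size persistent connections."""
    CountingBackend.tcp_connections = CountingBackend.http_requests = 0
    server = ThreadingHTTPServer(("127.0.0.1", 0), CountingBackend)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address
    pool = [http.client.HTTPConnection(host, port) for _ in range(pool_size)]
    replies = []
    for i in range(client_requests):
        conn = pool[i % pool_size]  # reuse a connection that is already open
        conn.request("GET", f"/client/{i}")
        replies.append(conn.getresponse().read().decode())
    for conn in pool:
        conn.close()
    server.shutdown()
    server.server_close()
    return CountingBackend.tcp_connections, CountingBackend.http_requests, replies

if __name__ == "__main__":
    print(run_demo()[:2])     # multiplexed: few connections, many requests
    print(run_demo(20, 20)[:2])  # one-to-one: a connection per request
```

Setting `pool_size` equal to `client_requests` reproduces the one-to-one behaviour, so the two connection counts can be compared directly.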
Clustering
A cluster is a group of application servers that transparently run applications as if they were a single entity. Clusters can comprise redundant and failover-capable machines. A typical cluster in a network integrates Layer 4-7 load balancers, gateway routers, which exist at the end of a network on each side, and various switches, which integrate the application and Web servers with the whole network. Firewalls are used to filter port-level access to all network resources and data storage devices (which can use any media, such as tape drives, magneto-optical drives or simple hard drives). A cluster manages the writing of data to the main storage devices as well as the redundant ones, and manages switchover to redundant storage media if the primary data storage devices fail.
Network security (Firewalls)