Explaining SSL Offloading
The Snapt Aria Load Balancer and Web Accelerator both have full SSL offloading capabilities. This allows you to terminate SSL at Snapt Aria, reducing the load on your web servers by 10-20x.
SSL encryption is a computationally heavy task and our system is extremely efficient at it. This allows you to reduce the load on your servers, remove complexity from managing SSL, protect against SSL vulnerabilities as well as optimize SSL content.
Should you choose to use the Web Accelerator to do SSL offloading, you’ll have the ability make use of PageSpeed to optimize the delivery for blazing faster page speed load times. This plus our blazing-fast cache on the Web Accelerator, being able to cache your objects for short periods of burst, will drastically save CPU power on your backends and ensure your website stays fast.
This is where an SSL offloader steps in. The Snapt Aria device communicates with your clients via SSL (HTTPS) and proxies that connect to your servers in plain text (HTTP). Neither side has any idea this is occurring, and the load on your web servers goes down by up to 90%.
Please do take note, that the SSL offloading performance between the Snapt Aria Load Balancer and Snapt Aria Web Accelerator is equal in performance, and if PageSpeed and Caching isn’t required, we recommend only using the Snapt Aria Load Balancer for offloading.
Why is SSL so computationally expensive?
Encrypting (and decrypting) requests use a large amount of CPU resources.
The worst part of this is the initial session negotiation – when a client first connects to you. If your traffic type is small and frequent spread out requests you could be spending a huge amount of time negotiating encryption.
After the initial connection, the load is much lower, but still a significant amount higher than a plain text connection. Depending on your traffic (ie lots of small connections) and SSL offloader can reduce 90% of your web server load.
Snapt Aria has the same challenge as a web server, but with a much more efficient engine and at a single manageable point. This allows your web servers to do what they do best and for Snapt Aria to manage the security to your clients. Added to that encryption requirements are becoming more extreme to increase security, but that also increases the load.
Why offload if I have enough power?
Management of SSL can become a headache for your admins – when a certificate is updated all the web servers must be changed. With Snapt Aria, a single location stores and monitors your SSL certificates, allowing easy management.
SSL on web servers also has a name for being an attack point for both ‘denial of service’ and remote vulnerabilities. You are always at risk, and it puts more pressure on your team to constantly keep the SSL libraries up to date if the vulnerability has even been patched.
Snapt Aria uses the strongest and most efficient ciphers, blocks ‘denial of service’ attacks and only passes through complete and valid HTTPS requests. You also get the benefit of the regular Snapt Aria Web Acceleration engine which dramatically improves the performance of your site.
What about when I need to scale?
Once you reach the performance limit on a single Snapt Aria instance or server you can scale out easily, replicating configurations to sets of servers that perform the same critical tasks for you automatically. All of our solutions feature full redundancy.