Explaining SSL Offloading
The Snapt One Load Balancer and Web Accelerator both have full SSL offloading capabilities. This allows you to terminate SSL at Snapt One, reducing the load on your web servers by 10-20x.
SSL encryption is a computationally heavy task and our system is extremely efficient at it. This allows you to reduce the load on your servers, remove complexity from managing SSL, protect against SSL vulnerabilities as well as optimize SSL content.
This is where an SSL offloader steps in. The Snapt One device communicates with your clients via SSL (HTTPS) and proxies that connect to your servers in plain text (HTTP). Neither side has any idea this is occurring, and the load on your web servers goes down by up to 90%.
Why is SSL so computationally expensive?
Encrypting (and decrypting) requests use a large amount of CPU resources.
The worst part of this is the initial session negotiation – when a client first connects to you. If your traffic type is small and frequent spread out requests you could be spending a huge amount of time negotiating encryption.
After the initial connection, the load is much lower, but still a significant amount higher than a plain text connection. Depending on your traffic (ie lots of small connections) and SSL offloader can reduce 90% of your web server load.
Snapt One has the same challenge as a web server, but with a much more efficient engine and at a single manageable point. This allows your web servers to do what they do best and for Snapt One to manage the security to your clients. Added to that encryption requirements are becoming more extreme to increase security, but that also increases the load.
Why offload if I have enough power?
Management of SSL can become a headache for your admins – when a certificate is updated all the web servers must be changed. With Snapt One, a single location stores and monitors your SSL certificates, allowing easy management.
SSL on web servers also has a name for being an attack point for both ‘denial of service’ and remote vulnerabilities. You are always at risk, and it puts more pressure on your team to constantly keep the SSL libraries up to date if the vulnerability has even been patched.
Snapt One uses the strongest and most efficient ciphers, blocks ‘denial of service’ attacks and only passes through complete and valid HTTPS requests. You also get the benefit of the regular Snapt One Web Acceleration engine which dramatically improves the performance of your site.
What about when I need to scale?
Once you reach the performance limit on a single Snapt One instance or server you can scale out easily, replicating configurations to sets of servers that perform the same critical tasks for you automatically. All of our solutions feature full redundancy.