HP e-Commerce/XML Director Server Appliance SA8250 - User Guide

CHAPTER 6 HP e-Commerce/XML Director Server Appliance SA8250 User Guide
Scenario 5: Using SSL Acceleration
We now build upon Scenario 4 by adding a Layer 7 service using the
SA8250's SSL acceleration capabilities. As discussed earlier, the
SA8250 can offload SSL processing from the web server, providing
dramatically improved performance. This diagram shows the
network configuration for Scenario 5.
Network Configuration for Scenario 5
In the conventional secure web server setup, protected data is
accessed using HTTPS (HTTP over SSL) on port 443. In this
example we add a new web server, Serv3, which along with
Serv2 (defined in Scenario 4) hosts this data, which is accessed through
VIP 30.1.1.201 on port 443. We assume the data is accessed on server
port 80 to isolate it from normal HTTP traffic. It is also strongly
recommended that secure data be isolated from the rest of the
network through the use of the inside NIC interface and the SA8250's
security firewall capabilities.
The following processes occur in Scenario 5:
1. The client connects to the SA8250 with ClientHello (includes ciphers supported).
2. The SA8250 responds with SSL Server Hello (includes selected cipher and session ID).
3. The SA8250 sends the certificate for the server.
4. The client sends the ClientKeyExchange message, including the PK (session key).
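Steps 1 and 2 above, as an added example that is not from the HP guide: a parser that extracts the offered cipher suites and session ID from a ClientHello record, followed by a server-side cipher selection. The sample record is constructed, and the server-preference selection rule and preference list are assumptions, since the guide does not state how the SA8250 chooses.

```python
import struct

# Cipher suite IDs from the IANA TLS registry (small subset, for display).
SUITES = {0x0003: "RSA_EXPORT_WITH_RC4_40_MD5", 0x0004: "RSA_WITH_RC4_128_MD5",
          0x000A: "RSA_WITH_3DES_EDE_CBC_SHA", 0x002F: "RSA_WITH_AES_128_CBC_SHA"}

def parse_client_hello(record: bytes) -> dict:
    """Extract version, session ID and offered cipher suites from one record."""
    try:
        ctype, _rec_ver, rlen = struct.unpack("!BHH", record[:5])
        body = record[5:5 + rlen]
        # 0x16 = handshake record, 0x01 = ClientHello handshake message
        if ctype != 0x16 or len(body) != rlen or body[0] != 0x01:
            raise ValueError("not a complete ClientHello handshake record")
        msg = body[4:4 + int.from_bytes(body[1:4], "big")]
        (version,) = struct.unpack("!H", msg[:2])
        pos = 2 + 32                      # skip client_version and 32-byte random
        sid_len = msg[pos]
        session_id = msg[pos + 1:pos + 1 + sid_len]
        pos += 1 + sid_len
        (cs_len,) = struct.unpack("!H", msg[pos:pos + 2])
        raw = msg[pos + 2:pos + 2 + cs_len]
    except (struct.error, IndexError):
        raise ValueError("truncated ClientHello") from None
    if len(session_id) != sid_len or len(raw) != cs_len or cs_len % 2:
        raise ValueError("truncated ClientHello")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]
    return {"version": version, "session_id": session_id, "suites": suites}

def select_cipher(offered, server_preference):
    """Step 2 (assumed rule): first suite in the server's list the client offered."""
    return next((s for s in server_preference if s in offered), None)

def sample_client_hello(suites=(0x0003, 0x0004, 0x000A)) -> bytes:
    """Constructed SSL 3.0 ClientHello: zero random, empty session ID."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    msg = (b"\x03\x00" + bytes(32) + b"\x00"
           + len(cs).to_bytes(2, "big") + cs + b"\x01\x00")
    hs = b"\x01" + len(msg).to_bytes(3, "big") + msg
    return b"\x16\x03\x00" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    hello = parse_client_hello(sample_client_hello())
    print("offered:", [SUITES.get(s, hex(s)) for s in hello["suites"]])
    # Hypothetical server preference list: the export-grade suite is left out.
    chosen = select_cipher(hello["suites"], [0x002F, 0x000A, 0x0004])
    print("selected:", SUITES.get(chosen, chosen))
```

Leaving a suite out of the server's preference list means it is never selected, even when the client offers it first.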
[Diagram labels: Client, Internet, SA8250, Switch, Server, Server, Server]