Most tech leaders, especially CTOs and Web site teams, are very familiar with using Secure Sockets Layer (SSL) to safeguard Web transactions. For quite some time, you've likely been using SSL accelerators to boost transaction speeds, specifically for online storefronts and payment processes.
What you may not know is that those same SSL acceleration tools are now increasingly being used to secure data transmission outside the realm of e-commerce. They’re also coming into play as enterprises move legacy applications to intranets and extranets.
“There’s a greater demand for tighter security on Internet services beyond traditional e-commerce and file transfer applications, and that’s what is spurring the acceleration hardware market,” explained Neil Osipuk, directing analyst of e-business infrastructure and hosting at the market research company Infonetics Research, based in San Jose, CA.
The dual-use trend is also being spurred by enterprises moving legacy applications to the Web for intranet and extranet use.
SSL use expanding internally
Indeed, companies are using SSL to support, and secure, many new applications these days. “We’ve set up a poor man’s VPN with SSL,” said Robert Berklinger, an in-house network systems consultant at a Boston financial institution. Berklinger’s firm has developed many custom Web-based applications for a number of internal departments—and each demands more stringent security than just username and password protection. SSL’s built-in encryption provides the required protection, said Berklinger.
“We have some HR applications that let employees access benefits information from any Web browser, whether they are on the corporate intranet or accessing the site from home over the Internet,” explained the consultant. “So confidentiality of the data in transit is of utmost importance.”
Where acceleration tools fit in
But while there is no doubt that SSL is useful outside of the e-commerce environment, it brings its own unique set of issues for today’s tech teams. As companies use SSL to secure access to more information, for more and more users, the main issue a CIO must deal with is performance.
Everything associated with an SSL session—from authenticating a user to handling the encryption and decryption of data—is processor-intensive. In the e-commerce venue, this meant that as online business and transaction load grew, so did the need for SSL acceleration products.
Companies now turning to SSL for nontransaction application security needs are facing the same dilemma and are grabbing the same acceleration tools. These tools essentially pull SSL duties off of a Web server and allow the server to handle more simultaneous Web sessions. Basically, the Web server is freed up to carry out its normal chores.
Which acceleration tool is right for your company?
Today, there are a slew of choices in hardware-based SSL acceleration: SSL acceleration cards that plug into a Web server; stand-alone SSL appliance devices that sit in front of a Web server; and integrated devices that combine SSL acceleration with other functions, like load balancing.
Each approach has its benefits and drawbacks, and there is no one best fit for every company. What follows is a quick synopsis of each tool:
Plug-in cards: While plug-in cards are a good solution for companies with only a small number of Web servers, most large enterprises are opting for either the SSL acceleration appliance or integrated product approach.
Appliance device: Some SSL product users swear by the appliance approach for its simplicity. Basically, the device is installed in front of a Web server and there are minimal configuration options—making it fairly easy to install and manage.
Integrated products: Proponents of integrated SSL products often use a different product, like load balancing, and find they need a hardware assist for their SSL traffic. In such cases, an integrated device makes sense, as it’s easier to manage one device that performs multiple networking functions than to manage two or more separate devices.
How architecture comes into play
CIOs should be aware that network architectural issues often end up dictating the choice of SSL acceleration tool. For instance, a plug-in card is limited to the single server that in which it is installed, so this approach makes sense in cases in which all applications that need SSL acceleration reside on a single server.
Obviously, if multiple servers require SSL acceleration, you can buy a card for each server. But, oftentimes, CIOs opt for a device that sits in front of a server farm. That device could be either a stand-alone appliance or an integrated device.
At this point, SSL and accelerators aren’t yet a critical need. That means tech leaders have some time to get acquainted with the new uses for these security standbys and to figure out which tool best fits their enterprise need—an opportunity that rarely occurs in the technology environment these days.