Speeding Up Security

Written by: Tony Bourke


Although SSL is encrypted, every SSL connection has a session ID that is not encrypted, which allows both sides of the connection to know which encrypted transaction is in session. Load balancers previously were able to use this unique session ID to differentiate between users. Unfortunately, Microsoft has a bug in Windows 95, 98, and NT 4.0 (Windows ME, 2000, and XP are not affected) that causes some versions of Internet Explorer (5.0 through 5.5) to renegotiate the SSL session ID every two minutes, thus making the SSL session ID totally ineffective as a way to differentiate between users.

SSL accelerators can solve this problem. Because they decrypt traffic before it hits the Web servers, a load balancer placed between the SSL accelerator and the Web servers sees unencrypted HTTP and can therefore use cookie-based persistence. For this and other reasons, many load-balancing vendors also have an SSL accelerator offering. Some load-balancing vendors have even integrated SSL accelerator functionality into their load-balancing products, such as F5's BIG-IP (www.f5.com).
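The difference between the two persistence keys can be shown with a small simulation. This is an added example, not code from the article or from any vendor; the server names, the round-robin assignment, and the sample traffic are assumptions constructed for illustration.

```python
from dataclasses import dataclass

BACKENDS = ["web1", "web2", "web3"]   # hypothetical server pool
RENEGOTIATE_EVERY = 120               # seconds; the two-minute interval described above

@dataclass
class Request:
    t: int                 # seconds since the first hit
    user: str
    ssl_session_id: str    # unencrypted, so any load balancer can read it
    cookie: str            # readable only after an SSL accelerator has decrypted the traffic

def make_requests():
    """Constructed traffic: alice uses an affected IE client, bob does not."""
    hits = [(0, "alice"), (10, "bob"), (60, "alice"),
            (130, "alice"), (140, "bob"), (250, "alice")]
    reqs = []
    for t, user in hits:
        # The affected client presents a new session ID in each two-minute window.
        epoch = t // RENEGOTIATE_EVERY if user == "alice" else 0
        reqs.append(Request(t, user, f"{user}-sid-{epoch}", f"session={user}"))
    return reqs

class StickyTable:
    """Unknown key: next backend round-robin. Known key: same backend as before."""
    def __init__(self, backends):
        self.backends, self.table, self.count = backends, {}, 0

    def route(self, key):
        if key not in self.table:
            self.table[key] = self.backends[self.count % len(self.backends)]
            self.count += 1
        return self.table[key]

def route_all(requests, key_field):
    """Return {user: [backend per request]} when persisting on key_field."""
    lb, seen = StickyTable(BACKENDS), {}
    for r in requests:
        seen.setdefault(r.user, []).append(lb.route(getattr(r, key_field)))
    return seen

def breaks(path):
    """Number of times consecutive requests landed on different backends."""
    return sum(a != b for a, b in zip(path, path[1:]))

if __name__ == "__main__":
    reqs = make_requests()
    for field in ("ssl_session_id", "cookie"):
        for user, path in route_all(reqs, field).items():
            print(f"{field:15} {user:6} {path} breaks={breaks(path)}")
```

Keyed on the session ID, the affected client is treated as a new user after each renegotiation and can land on a different server mid-session; keyed on the cookie, it stays on one server.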

Not So Fast

One myth of SSL accelerators is that because only one machine (or one active machine in a redundant scenario) is performing SSL acceleration, users do not need to pay for additional SSL certificates. According to VeriSign (www.verisign.com), which issues the majority of these certificates, a VeriSign certificate license is required for each machine that serves SSL traffic, not just the accelerator.

Pick a Card

Similar to SSL accelerators are SSL cards. Rather than network appliances, they sit in PCI (Peripheral Component Interconnect) slots inside the servers themselves, off-loading the encryption functions from the general processor. This can be good for sites that only employ a few SSL servers, because a few cards might be cheaper than an appliance.

SSL cards were once fairly popular items, but the advantages of SSL accelerators have started to win out. SSL cards address the need to off-load the work of encryption, but, because the demarcation point for the SSL traffic is the server itself, one cannot use cookie-based persistence from a load balancer. The only option for persistence is source-IP address.

SSL and load balancing are both critical technologies for today's websites. SSL provides security for everything from password authentication to online banking, and load balancing provides scalability and redundancy. The two technologies complement each other, and even tighter integration in the future seems likely.

This article was written by Tony Bourke for HostingTech, a web hosting magazine. He can be contacted at tbourke@hostingtech.com.


