

Product Rating
Array Networks TMX3000
chipSign Modex 7000
Coyote Point Equalizer Extreme with Equalizer XCEL
nCipher nFast Ultra
NetScaler 9950 Application Delivery Switch
Nortel Networks Alteon Application Switch 2424-SSL
Radware CertainT 100
Redline Networks E|X 3650


Our Best Buy is the NetScaler 9950. This was by far the fastest device on test and, although it was the most expensive, it does provide a great deal in one box. All of the other products can also do a very capable job, but our Recommended award goes to two of them: the Radware CertainT 100, which turned in a high performance and is well worth consideration, and the Array Networks TMX3000.
SSL accelerators (2005)
Application security attracts a lot of attention, but SSL encryption places a large burden on your servers. Ian Parsons can help you safely ease the load.
The Secure Sockets Layer (SSL) protocol and its successor, Transport Layer Security (TLS), are widely used systems for providing secure, encrypted communications between applications that use an internet protocol such as TCP as their transport protocol.
Generally used for transactions such as online banking, share dealing, and online purchases, SSL is supported by most browsers and servers. Companies have deployed SSL in customer-facing applications while using other secure methods, such as IPsec, for their employees. SSL is often found on a company's remote links and mobile connections as well, being a less expensive but equally viable alternative to other methods.
Part of the reason for this is that the client software needed to handle secure communications is available as part of most web-browsing software. Often, all that is needed to provide a streamlined client-server capability in the browser is to download a Java applet or an ActiveX control that can establish and maintain a secure link to the web server application.
This is easier for a customer to use than the alternatives because it requires little or no user action to set up and is therefore more attractive to companies who want to maintain good client relationships.
Similar simplicity is appreciated by employees working remotely who have neither the time nor the inclination to get involved in more complex software setups. A virtual private network (VPN) is often easier to set up and maintain if it uses SSL. Other remote applications, such as remote management, can also benefit from SSL's ease of use.
SSL is not confined to the internet. It is also used for intranet applications and other internal applications where confidential information needs to be shared among individuals or groups but not with the whole organization.
This can be anything from access to personnel files to financial information of all kinds, project plans, software development, research results or patent applications. The potential financial loss could be catastrophic if the information were passed to a competitor.
There is often a legal requirement to demonstrate that client confidentiality has been maintained, with serious repercussions if it has not. This requirement can be met by devices that provide SSL communication among themselves and the servers as well as providing SSL termination between the internet and themselves.
Meeting these requirements increases the processing load on an organization's systems as the volume of traffic grows. Since cryptography is a computationally intensive process, the need to shift this burden away from the general-purpose processors in servers to specialized processors designed for the task is more acute than ever.
Concerns over internet security might get all the attention, particularly when an occasional security error gets into the news, but lack of performance in the shape of poor response times is likely to lose customers just as much as any security scare might.
With increases in the use of SSL in the organization, there is a need for devices that can be used on the company's intranet. These will not necessarily require the functional capabilities of internet devices, but will require processing power and must offload part or all of the SSL overhead from the servers.
We tested these products using Spirent Communications' Web Avalanche 2500 and its Reflector 2500. The Avalanche test equipment can be used to generate high levels of network traffic from simulated users performing activities such as web browsing and file transfers, while the Reflector can simulate large numbers of servers to respond to these requests.
The Reflector was set to emulate a group of four web servers running Internet Information Services 5. This server grouping was intended to provide a representative installation that would allow the devices to demonstrate some features, such as multiplexing and server load balancing, which might have an influence on response times.
We did not enable back-end encryption or security features in systems that offered them. The Avalanche provided SSL requests from a number of simulated users, all using Internet Explorer 5 and its cipher suites and options.
To determine performance figures for the SSL acceleration and offloading features, we developed tests that tried to make a maximum number of SSL connections per second, and a maximum number of SSL transaction requests per second. These values were determined by running the Avalanche and Reflector pair against each other to determine the capacity of the test system before we introduced the devices into the network.
We ran the Avalanche against a server with a Pentium 4 processor and 1Gb of main memory, which we used as a test bed for the SSL accelerator cards. The performance of the cards would be influenced by the power of the server, so we had to determine its performance before the cards were installed.

