Sometimes, there is not enough room in the server rack to add another appliance. When the need to offload SSL acceleration from the main processor becomes paramount, adding a card to do the job is the sensible choice. The nCipher nforce1600 contains everything in a tamper-resistant casing, which helps to provide a more secure environment. The card was simple to install and set up, the software installation from CD-Rom being largely automatic. It comes with its own smartcard reader, required to work the security aspects of the device.
The nForce offers a number of security features. It uses the concept of a "security world", made up of at least one nForce 1600 card, smartcards to control configuration and recovery operations and access to application keys, some cryptographic key and certificate data encrypted using the security world key, stored on a host computer or computers. The card and software default to FIPS 140-2 level 2 compliance, with level 3 as an option.
The card returned reasonable performance figures although, like the other PCI card in the test, these will have been influenced by the server's own performance in handling the session set up and termination processing.
The performance figures and its security features show that it would be suitable for many applications where security is a consideration. The tamper-resistant casing will provide evidence that unauthorized modifications have been made or attempted.
This card has some of the advantages of the freestanding devices in terms of key management, and could be used where these devices would otherwise be needed.
This card could also be used in those situations where the link between an acceleration device and a back-end server is also encrypted using SSL. The performance advantage obtained by accelerating the server accrues to the whole process, producing faster response times with no loss in security.
The vendors have really done a thorough job ensuring the broadest range of support for multiple operating systems such as Linux, Solaris and Windows, and most web servers, including Apache and Microsoft's IIS, ISA Server and IBM's WebSphere Application Server. The software also provides support for various API's and toolkits, including Microsoft's CryptoAPI and Open SSL.