The Modex-7000 PCI card uses a CS1015/Rubicon Asymmetric Key Processor to handle the cryptographic functions. It was easy to install, occupying a single PCI slot in the server. When we rebooted Windows, the New Hardware Wizard detected the device and installed the necessary software. So far, so good. The card will also work with Linux or Solaris and supports a broad range of web servers.
The unit's sole purpose is to accelerate SSL operations. There was nothing to configure and no certificates or keys to be exchanged. All security considerations are left to the server and its environment. The associated documentation is a simple booklet covering physical and software installation.
The card produced some reasonable performance figures, although these will have been influenced by the server's own performance. The server was still handling the session setup and termination processing, key exchanges and protocol suite negotiations, but offloading the encryption and decryption processing to the Modex card.
The card's performance figures indicate that it would be suitable for most applications. Because there is no tamper-resistant casing of any kind, it would not be suitable for situations where high physical security is required, since unauthorized modifications could be made to the card with no indication that tampering had occurred. However, if the server is in a secure environment with adequate physical security, this is less of a concern.
While there are obvious advantages to separate SSL devices that can operate with multiple servers, internal cards can still play an important role. Some site configurations would get better performance by using a load-balancing device in front of a server farm with a card in each server. Where one or two servers cater for a low volume of users, such as a company intranet, internal cards are the obvious option.
The card could also be used in conjunction with other freestanding SSL accelerators where the connection between the back-end server and the device also uses HTTPS. In such cases, the performance improvement between server and device helps to improve the performance at both ends, whereas an unaccelerated back-end server tends to reduce overall performance.