Ingrian offers a range of appliances that are designed to secure any application that uses secure socket layer (SSL) transactions, while at the same time speeding up the performance. The company has recently added other features, including authentication, authorization, GZIP compression and an interface to external intrusion detection systems.
The growing demand for secure connections to web servers for e-commerce applications has led to a huge growth in SSL traffic. Because SSL uses public-key cryptography, negotiating an SSL connection requires a lot of resources to perform the exchange of session keys - a process called SSL handshake. This can place a heavy load on web servers and lead to large web server farms being necessary. The Ingrian i215 is designed to solve this problem by taking care of SSL negotiation itself, offloading that task from the web server. The i215 can perform 1,600 SSL handshakes per second, while keeping track of up to 32,000 concurrent SSL connections and their associated session keys.
It is not just secure HTTP traffic that benefits; the i215 can accelerate any protocol over SSL - including IMAP and POP mail protocols.
Another feature is caching of all secure static content, such as banners, buttons and navigation frames. This relieves the backend web server of the task of delivering this static content every time it is requested. The i215 can dramatically reduce the number of real backend web servers required.
There is much more to the i215 than just SSL acceleration. Every secure web site must have a site certificate to allow authenticated SSL connections to the outside world. The i215 can also act as a certificate authority (CA) for this public key infrastructure (PKI) application.
Certain types of intrusion attacks could be hidden in what are effectively SSL VPN tunnels. To combat this, the i215 has a specific option to mirror all SSL encrypted traffic in unencrypted form to a dedicated port, which can be connected to any network-based IDS.
The i215 has the ability to encrypt data for storage. For example, credit card numbers, which often form part of SSL traffic, can be encrypted by the i215 for storage in external databases - keeping such data safe against insider attacks from those who may have access to your storage systems or backup media.