Radware's CertainT 100 device offers a variety of configurations in a standard 1U rack-mountable unit. Fiber and copper gigabit connections can be provided as required. Our unit had one 10/100 Base-T connector and one 1000 Base-TX connector, but a 10/100/1000 Base-SX connector could have replaced the copper connection if needed.
The initial set up requires the use of a command line interface over a serial connection, but it is possible to finish the configuration and setup using a browser-based GUI.
The unit would normally be used with Radware's Web Server Director, which provides controller and load-balancing services to other devices. The CertainT 100 is a capable standalone unit as well, but more options are available when used with the Director unit.
The device has a number of performance enhancement options beyond SSL offloading, including software and hardware compression and multiplexing, which help reduce bandwidth consumption and improve throughput.
The high-availability feature is only available with the Web Server Director, so the CertainT 100 can only be a standalone unit where fault-tolerance is not required.
However, the whole Radware approach is to provide devices that can handle groups of related functions, all under the control of the Web Server Director, while retaining their standalone capability.
This modular approach allows for configurations to be tailored to individual requirements, which may be preferable to having all the functions in one appliance, and allows installations to evolve to meet changing circumstances.
We tested it in standalone mode, configured as an SSL terminator, with the device handling decryption from the client and encryption to it, and plain text transmissions between it and the back-end servers. All SSL-related functions, including certificate and key management and storage are done in it.
Server and client SSL sniffing is available. Server sniffing routes decrypted traffic to Radware security devices for examination before passing the plain text traffic to the back-end servers for processing. This prevents encrypted attacks.