[ale] http accelerator?

Barlow, Jim D jim.d.barlow at intel.com
Tue Nov 6 15:51:32 EST 2001


Hiya Robert,

This was done by I-Pivot corp, a company which was purchased by Intel
Corporation.

Other companies followed suit with some of these products.

The Intel box was a 1 rack unit high box.  The OS was BSD based, and there
was Application
Specific Integrated Circuitry to do the encryption / decription, much like
the cards
you can put in servers to do this work.  The software resided entirely
within flash memory.

One of the  benefits of a seperate box was in integrating this into a server
farm without
downing and taking apart operating servers. Security certificates could be
loaded on this 
box.  It could handle bulk encryption as well as the asynchronous handshake.
For security, 
it was initially a MAC layer device with no IP address.

Later these boxes evolved into load balancers and site balancers.

This product was pretty popular, and was sold by Hewlett Packard as well as
Intel.

Most of this HTTPS proxy stuff has now moved into Ethernet media switches.

Also transform functions that aid encryption / decryption have inspired a
fused
instruction in the Itanium Architecture ( EPIC ) to make general purpose
processing
more effective at handling SSL type loads.

Sorry to ramble on....

- Jim



-----Original Message-----
From: Robert L. Harris [mailto:Robert.L.Harris at rdlg.net]
To: ale at ale.org
Sent: Tuesday, November 06, 2001 3:08 PM
To: Atlanta Linux Enthusiasts
Subject: [ale] http accelerator?




  I'm looking at a project for an "https accelerator" to front for a
web server farm.  I'm wonderng if anyone's built something like this.
Basically a box that listens on eth0 for traffic on port 443, decrypts
the ssl, forwards it to a box on eth1, then reverses the traffic for 
outbound traffic.

Anyone?


:wq!
---------------------------------------------------------------------------
Robert L. Harris                |  Micros~1 :  
Senior System Engineer          |    For when quality, reliability 
  at RnD Consulting             |      and security just aren't
                                \_       that important!
DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.
FYI:
 perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be

sent to listmaster at ale dot org.

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list