|
|
|
 |
 |
Internet Security Solutions |
|
|
|
|
|
| |
Product Search :
|
|
|
|
|
| |
 Security & Acceleration |
|
| |
Overview: |
|
| |
SSL Acceleration Option
As the leader in SSL (Secure Socket Layer) acceleration, F5's BIG-IP SSL Accelerator Option for BIG-IP switches provides the industry's fastest and most scalable SSL processing platform -- easily handling bulk encryption and large traffic volumes while freeing up processing for other needed functions.
|
|
| |
 |
Built-in SSL acceleration increases business ROI by consolidating hardware, SSL processing, Private Key creation & secure storage, and SSL Certificate Management. |
|
Most BIG-IP platforms include 100 TPS (Transactions Per Second) SSL at no cost; addtional SSL capacity can be added via a software license key, allowing customers to increase SSL capacity as they need it. |
|
BIG-IP FIPS SSL Accelerator (optional) helps organizations alleviate processing bottlenecks and gain control over the cryptographic keys that help protect a secure infrastructure. |
| |
SSL Accelerator Optional Card
Integrated SSL Processing and Intelligent Traffic Management
|
| |
 |
The BIG-IP® SSL Accelerator combines fast SSL (Secure Socket Layer) processing with intelligent traffic management and load balancing - giving e-Businesses SSL acceleration and secure connections with feature-rich intelligent traffic and content control. The BIG-IP SSL |
|
| |
Accelerator is a single-source solution for dramatically improving the performance of your servers while providing security, speed and traffic management during business-critical online transactions -- without the cost and hassle of installing additional hardware or software on each of your servers. |
| |
|
| |
|
| |
Features and Benefits: |
| |
Key Features and Benefits: |
| |
|
Centralizes certificate management at a single source
|
|
Performs traffic management decisions for both HTTP and HTTPS traffic, regardless of IP address |
|
BIG-IP SSL Accelerator 400
-400 SSL transactions/second; over 34 million transactions per day
|
|
BIG-IP SSL Accelerator 800
-750 SSL transactions/second; over 64 million transactions per day |
|
HTTP 1.1 compatibility |
|
HTTP Cookie Persistence for SSL Traffic |
|
HTTP Cookie Switching for SSL Traffic
|
|
Solves AOL and Internet Explorer session state issues |
|
Secure web-based and command line interface |
|
Improves server performance
|
|
Selectable key length (512, 1024 bits) |
|
Optional GB Ethernet interfaces
|
|
Every BIG-IP feature supported
|
|
SNMP |
| |
|
|
| |
 |
| |
Intelligence
The BIG-IP SSL Accelerator frees the load balancer to perform valuable Layer 7 functions on SSL traffic, including using information within encrypted packets (i.e. cookies, file names and extensions) for intelligent load balancing decisions and for intercepting application errors. SSL traffic is decrypted so that the clear text may be sent to the optimal server resource.
HTTP Cookie Persistence for SSL Traffic
Cookie persistence is critical for e-Business applications. However, cookies that are encrypted with SSL can't be read or used for load balancing. The BIG-IP SSL Accelerator solves this problem, allowing SSL encrypted cookies to be used in Internet traffic management decisions
HTTP Cookie Switching for SSL Traffic
The BIG-IP SSL Accelerator acts as the termination point for your SSL sessions. The traffic management intelligence then takes over, reading cookies and making intelligent load balancing decisions based on the information they contain. This information can be specific to each user, enabling you to provide differentiated services and traffic prioritization.
HTTP Header Switching for SSL Traffic
Once the request is decrypted by the BIG-IP SSL Accelerator, intelligent traffic decisions can be made based on any part of the header, including HTTP version, HTTP host field (also known as URL), HTTP cookie header, HTTP URI (Universal Resource Indicator), client source address and the HTTP method being used in the request. This information is then compared to preset criteria, known as a rule, to determine how to efficiently divide the request amongst groups of servers or devices, also known as pools.
Solves AOL Client IP Address Sharing Issues
The "AOL problem" is where client IP addresses are shared and changed during the life of the session. In most cases, shopping cart applications require that the session persist (or return) to the same server in order to complete the transaction. Load balancing of an AOL user requires methods other than the user's IP address. The BIG-IP SSL Accelerator provides these methods through cookie persistence, HTTP header information and more (as described earlier). Also, most shopping cart applications require a secure session using SSL to complete the transaction. The BIG-IP SSL Accelerator can maintain the proper persistence for these secure transactions as well.
Solves Microsoft Internet Explorer SSL ID Renegotiation Issues
Internet Explorer sometimes drops SSL sessions after very short time outs - resulting in lost SSL connections for users. To compensate for this, the BIG-IP SSL Accelerator decrypts the user cookie, makes the correct management decision, and sends the request to the right server. Through this process, Internet Explorer can renegotiate the SSL session ID as many times as it likes - and the user still ends up in the right place.
The BIG-IP SSL Accelerator centralizes certificate management at a single source.
Maximize Your Server Investment
From NT to Linux to Solaris, your servers slow down significantly when handling SSL transactions - delivering up to 50-times fewer connections per second. (1) The BIG-IP SSL Accelerator seamlessly offloads these CPU-intensive connections from your servers, freeing them to perform at their peak levels.
(1) Networkshop: Scaling Security in e-Commerce Applications
Cost Savings
Because the BIG-IP SSL Accelerator supports all commercial servers, in virtually any number, you eliminate the cost of installing and managing additional software or hardware on each server. The larger the server farm, the greater the savings.
Because the BIG-IP SSL Accelerator supports all commercial servers, in virtually any number, you eliminate the cost of installing and managing additional software or hardware on each server. The larger the server farm, the greater the savings.
The BIG-IP SSL Accelerator provides a gateway that allows SSL traffic to be unencrypted and load balanced. This allows BIG-IP to track persistence based on cookies in HTTP and SSL as the traffic is converted into HTTP.
Complete Integration with BIG-IP
The BIG-IP SSL Accelerator enhances the scalability of BIG-IP's award-winning Internet traffic and content management software functions: |
| |
|
Highest performing local load balancing for servers, caches, firewalls, VPN gateways, terminal servers, other specialized devices
|
|
OneConnectT Content Switching reduces bandwidth costs and server overhead by up to 20% |
|
99.999% uptime for both Internet and Intranet applications
|
|
Application Aware Network -- allows applications to directly control network traffic by preemptively avoiding application failures |
|
Static and Dynamic load balancing for diverse server platforms and applications |
|
Active/Active Controller feature for added performance, scalability, reliability, and flexibility |
|
Multiple modes of persistence |
|
Any IP Load Balancing for load balancing TCP and UDP-based traffic
|
| |
|
|
| |
Availability
The BIG-IP SSL Accelerator 400 or 800 is also available as an upgrade card for current BIG-IP Controllers (4.0 or later software required).
|
| |
Specification : |
| |
SSL Accelerator 400/800
|
| |
| Servers supported |
All commercial web servers |
| Operating systems supported |
Any operating system (UNIX, Solaris, Windows NT, BSD/BSDI, AIX, etc.) |
| Protocols supported |
SSL (Secure Sockets Layer); all other TCP/IP protocols supported by BIG-IP |
| System Interface |
Secure Web-based interface and command line |
| Interface Connections |
Support all BIG-IP interfaces, 10/100 & Gb Ethernet & FDDI |
| SSL Performance |
BIG-IP SSL Accelerator 400
- Rated up to 400 HTTP connections/sec
BIG-IP SSL Accelerator 800
- Rated up to 800 HTTP connections/sec
Note: Different BIG-IP platforms support varying combinations of SSL Accelerator
|
|
| |
|
|
|
|
|
|
|
| |
|
|
|
|
|