Very large enterprises, particularly in finance, healthcare and e-commerce, have ever-growing needs for secure VPN communications. They are rapidly adopting an “SSL Everywhere” policy, where encryption goes beyond the sensitive portions of an application session, such as the login page, and covers the entire transmission of all content.
Historically, at lower overall throughput levels, the performance overhead imposed during the SSL session negotiation phase, including connection establishment, cipher suite negotiation, session ID assignment and key generation, dominated the overall performance of SSL sessions. Once the session was established, the bulk data transfer, with its encryption and decryption, was much less computationally expensive than the SSL handshake phase.
Now, with many data centers seeing overall Application Delivery Controller (ADC) throughput approaching and even surpassing 100 Gbps, both the rate of transactions per second and the bulk SSL encrypted traffic capabilities become critical. While transactions such as shopping cart information and health record transfers are often short-lived, they are generated in enormous volumes. The total encrypted traffic expands in direct proportion to the number of transactions. At such transfer rates, the performance overhead imposed during the SSL handshake phase no longer dominates the overall performance dynamics of SSL sessions. Both the number of new SSL sessions that can be supported over a given period of time, measured as SSL transactions per second (TPS), and the bulk transfer of encrypted traffic are important.
To compound the security challenge, organizations, driven in part by the National Institute of Standards and Technology’s (NIST) recommendations, have transitioned to more secure 2048-bit SSL certificates. This trend is backed up by leading browser vendors’ plans to not support websites using certificates with keys weaker than 2048 bits beyond the end of the year. This standard provides much greater security, but network and application performance is put at risk without proper planning and infrastructure. The impact in this case is an exponential increase in strength of encryption, but at a cost of at least 4-5 times greater processing demands.
Have no fear. The NetScaler 2U height MPX 22000 series of ADCs incorporates the latest dedicated SSL acceleration hardware with support for both 2,048-bit and even 4,096-bit keys. NetScaler delivers essential encryption capabilities that avoid the need to make trade-offs between having stronger security and maintaining a high-performance user experience. Just in time for heavily trafficked networks, these models provide over 500,000 SSL transactions per second with 2048-bit certificates and enable bulk SSL processing of up to 75 Gbps. You heard that right; these specs are not blogging typos. These represent gains in excess of 2-4x those achieved on alternative ADC blades. The NetScaler world records are derived from packet engines that intelligently load balance the SSL operations among the SSL cores. Multiple queues per SSL core further utilize the hardware capabilities, so that multiple SSL operations can be queued per chip. So have at it. Gargantuan SSL TPS. Check. Massive bulk SSL transfers. Check. Now go to the bakery, you deserve it.