SSL Offloading: With the advent of the cloud computing revolution, businesses are now able to provide secure access to internal systems with ease. When deploying VDI/RDS networks, one of the important challenges administrators face is that of striking a balance between application performance and security. Growing business demands require the creation of high availability networks that can deliver virtual applications seamlessly to remote users. At the same time, data security cannot be compromised.
Performance vs Security
Secure Socket Layer (SSL) is a commonly used protocol for encrypting data transmitted over the network. When browsers request information from a server that uses SSL, an initial handshake is required before data can be accessed. This process involves at least four TCP round trips to create a connection between the server and the browser before the actual data are transmitted, therefore this process-intensive SSL handshake can significantly affect performance. In today’s fast-paced world, a delay of few seconds can make a difference in converting an opportunity into a sale, but without SSL businesses would have to compromise on security. Offloading SSL to another product is a convenient solution.
In SSL Offloading, SSL encryption and decryption are removed from a gateway and transferred to a separate device that is designed for this purpose. By removing the burden of SSL processing from the gateway, resources are freed up to assign connections to the correct server quicker. Load balancers that have clear access to HTTP traffic can easily perform advanced tasks such as reverse proxying, traffic regulation, and cookie persistency.
Parallels RAS, with its High Availability Network Load Balancing (HALB) is an excellent solution to these issues. SSL offloading onto a Parallels HALB appliance improves performance and gets inbound connections on the fast lane.
SSL Offloading with Parallels HALB
Parallels RAS offers High Availability Load Balancing (HALB) that intelligently distributes connections to gateways. This software tool sits between the Parallels RAS gateways and the user to perform effective network load balancing. A typical load balancer checks for the availability of a server before routing an RDP connection; Parallels HALB adds an additional layer of redundancy by also checking the available gateways when routing traffic.
Parallels HALB not only ensures the continuity of a connection, but is able to offload inbound SSL connections from the gateway and decrypt the traffic at the HALB level, hence relieving the burden of the SSL decryption process from the gateway. The HALB appliance can also be set in pass-through, in which case connections are encrypted when sent to the gateways, and then decrypted there.
Parallels HALB is easy to deploy, configure and use. SSL offloading is configured during the setup process. With Parallels RAS, this flexibility ensures that you don’t have to worry about users experiencing slow connection times, whether a connection is encrypted or not.
SSL offloading impact on web applications | blog.haproxy.com
What Is SSL Offloading? | ehow.com