About Server Certificates
In a typical HTTPS scenario described above, the client and server are communicating directly,
and the server is doing all the work of encrypting and decrypting packets, and sending the server
certificate to the client. If you have many systems servicing requests for the same website, you
need to install certificates on each server.
With Equalizer, you do not need to install a server certificate on every server in a Layer 7 HTTPS
cluster. Since certificates are associated with host names and not IP addresses, you only need a
server certificate for each HTTPS cluster and the certificates are installed only on Equalizer-- not
on each server. This reduces maintenance by reducing the number of certificates required for a
group of systems serving content for the same host name.
When a client requests a connection to an HTTPS cluster, Equalizer establishes the HTTPS
connection with the client, off loading SSL processing from all the servers in the HTTPS cluster.
Equalizer communicates with the clients via HTTPS; the traffic between Equalizer and the servers
in an HTTPS cluster is HTTP (i.e., unencrypted).
Compared to the typical scenario where each client is establishing direct HTTPS connections with
servers, encrypting and decrypting packets, and serving content as well, SSL offloading improves
the overall performance of the cluster.
For even better performance, some Equalizer models are equipped with SSL Hardware
Acceleration. With hardware acceleration, processing for cipher suites supported by acceleration
hardware is done by dedicated hardware, enhancing overall HTTPS throughput.
Note that HTTPS and certificates can also be used on servers in Layer 4 TCP and UDP clusters, but
you will need to install a server and client certificate on each server in the cluster (since Equalizer
is not doing any HTTPS/SSL processing in Layer 4). In this scenario, no certificates are installed
on Equalizer.
Copyright © 2014 Coyote Point Systems, A Subsidiary of Fortinet, Inc.
All Rights Reserved.
807
Equalizer Administration Guide
Summary of Contents for Equalizer GX Series
Page 18: ......
Page 32: ...Overview 32 Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc ...
Page 42: ......
Page 52: ......
Page 64: ......
Page 72: ......
Page 76: ......
Page 228: ......
Page 238: ......
Page 476: ......
Page 492: ......
Page 530: ......
Page 614: ......
Page 626: ......
Page 638: ......
Page 678: ......
Page 732: ...Using SNMP Traps 732 Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc ...
Page 754: ......
Page 790: ......
Page 804: ......
Page 842: ......
Page 866: ......