About Server Certificates
In a typical HTTPS scenario described above, the client and server are communicating directly,
and the server is doing all the work of encrypting and decrypting packets, and sending the server
certificate to the client. If you have many systems servicing requests for the same website, you
need to install certificates on each server.
With Equalizer, you do not need to install a server certificate on every server in a Layer 7 HTTPS
cluster. Since certificates are associated with host names and not IP addresses, you only need a
server certificate for each HTTPS cluster and the certificates are installed only on Equalizer-- not
on each server. This reduces maintenance by reducing the number of certificates required for a
group of systems serving content for the same host name.
When a client requests a connection to an HTTPS cluster, Equalizer establishes the HTTPS
connection with the client, off loading SSL processing from all the servers in the HTTPS cluster.
Equalizer communicates with the clients via HTTPS; the traffic between Equalizer and the servers
in an HTTPS cluster is HTTP (i.e., unencrypted).
Compared to the typical scenario where each client is establishing direct HTTPS connections with
servers, encrypting and decrypting packets, and serving content as well, SSL offloading improves
the overall performance of the cluster.
For even better performance, some Equalizer models are equipped with SSL Hardware
Acceleration. With hardware acceleration, processing for cipher suites supported by acceleration
hardware is done by dedicated hardware, enhancing overall HTTPS throughput.
Note that HTTPS and certificates can also be used on servers in Layer 4 TCP and UDP clusters, but
you will need to install a server and client certificate on each server in the cluster (since Equalizer
is not doing any HTTPS/SSL processing in Layer 4). In this scenario, no certificates are installed
on Equalizer.
Copyright © 2014 Coyote Point Systems, A Subsidiary of Fortinet, Inc.
All Rights Reserved.
807
Equalizer Administration Guide
Содержание Equalizer GX Series
Страница 18: ......
Страница 32: ...Overview 32 Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc ...
Страница 42: ......
Страница 52: ......
Страница 64: ......
Страница 72: ......
Страница 76: ......
Страница 123: ...Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc All Rights Reserved 123 Equalizer Administration Guide ...
Страница 228: ......
Страница 238: ......
Страница 411: ...Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc All Rights Reserved 411 Equalizer Administration Guide ...
Страница 459: ...Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc All Rights Reserved 459 Equalizer Administration Guide ...
Страница 476: ......
Страница 492: ......
Страница 530: ......
Страница 614: ......
Страница 626: ......
Страница 638: ......
Страница 678: ......
Страница 732: ...Using SNMP Traps 732 Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc ...
Страница 754: ......
Страница 790: ......
Страница 804: ......
Страница 842: ......
Страница 847: ...Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc All Rights Reserved 847 Equalizer Administration Guide ...
Страница 866: ......