Sounds like a typical e-commerce experience. Of course, lowering our defenses is out of the question. Security is necessary. We'd just like it to move a bit faster than a dead horse.
There's no hope for the line at the airport metal detector, but SSL (Secure Sockets Layer) accelerators have long been touted as the way to speed up secured Web transactions. In our past tests, these products have indeed yielded significant speed improvements. But that was then, and this is now. Nothing we've seen in the past compares with the performance we saw in recent tests performed in our partner labs at Schneider National, in Green Bay, Wis. What's changed? Appliance vendors have moved into the market and, boy, are they leaving older solutions in the dust. In our tests, our iPlanet Web server handled between 40 and 170 SSL transactions per second without cryptographic acceleration. With cryptographic acceleration, the same iPlanet box served between 60 and 530 SSL transactions per second. Connect times fell as well, from about three seconds for unassisted SSL to under a second with acceleration.
Terminators vs. Off-Loaders
It's important to distinguish between the two types of SSL accelerator because the differences affect both network architecture and security. SSL terminating devices sit between the client and the Web server and intercept all SSL traffic. When you request a secured connection from a Web server fronted by a terminating accelerator, the device, not the Web server, accepts the connection: it performs the handshake and all encryption and decryption, and generally passes traffic to the back-end Web server in clear text (see "The Anatomy of an SSL Handshake"). That clear-text hop is the security trade-off. Whatever network segment lies between the accelerator and the Web server now carries customer data unprotected, so it has to be one you trust.
By contrast, an internal device, such as a PCI card or SCSI-based device, off-loads the CPU-intensive public-key work of the handshake (key generation and signing) as well as the encryption and decryption routines from the Web server, which still terminates the SSL session itself. All the internal products we looked at did this via PKCS #11 (the Public Key Cryptography Standards' Cryptographic Token Interface) integration with iPlanet. A simple modification to the Web server's configuration file, magnus.conf, tells the Web server which routines to off-load to the device; the device handles the rest.
External devices offer several advantages: Certificate management can be consolidated on the device, the devices scale readily, and they raise both the speed and the number of SSL connections a site can handle. But perhaps the biggest advantage is management: External devices require no changes to the Web server.
We know what you're thinking: "So why would I ever decide on an internal solution?" In a word: security. The banking and financial industries, as well as the government, have extremely strict requirements about data security. Companies in these sectors demand that data be encrypted end to end. An external device that does not provide a mechanism for re-encrypting data between itself and the back-end Web server is not an option in these situations. Both Alteon WebSystems (a division of Nortel Networks) and CacheFlow provide the capability to re-encrypt data between their devices and the back-end Web server, and F5 Networks told us this feature will be available in the next release of its product.
The fact is, however, that many advantages of an external device are lost when the Web server still has to perform SSL work. If your infrastructure includes a server farm and you want to use a content switch, you need a way to decrypt the SSL traffic to decide where to route it. In that scenario the ability to decrypt and then re-encrypt is essential, but the performance gain is relatively small, because the Web server must still complete a handshake with the accelerator and decrypt the re-encrypted stream. For this reason, many companies in industries with extremely strict security requirements prefer to stay with internal solutions, which meet their stringent requirements more easily.
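To make the terminator-versus-re-encryption distinction concrete, here is an added example in Go; it is not code from the article or from any of the vendors reviewed. It stands up a back-end Web server, puts an SSL-terminating front end in front of it, and shows what the back end sees on the internal hop in both configurations: clear text behind a classic terminator, and a second TLS session behind a re-encrypting one. Everything runs on loopback using the self-signed test certificates Go's httptest package generates. The X-Forwarded-Proto header and the echo format the back end returns are assumptions made for the demonstration, not something the article describes.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"log"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// backendHandler plays the Web server behind the accelerator. It reports
// whether its own leg of the connection was encrypted (r.TLS is non-nil only
// when the request arrived over TLS) and what the front end claimed about the
// client's leg via X-Forwarded-Proto (a conventional header, assumed here).
func backendHandler(w http.ResponseWriter, r *http.Request) {
	hop := "cleartext"
	if r.TLS != nil {
		hop = "tls"
	}
	fmt.Fprintf(w, "hop=%s client=%s", hop, r.Header.Get("X-Forwarded-Proto"))
}

// NewFrontEnd returns an SSL-terminating accelerator for backend. It owns the
// client-facing certificate and handshake. With reencrypt=false the internal
// hop is plain HTTP; with reencrypt=true the device opens a second TLS session
// to the back end (which must itself serve TLS) and verifies its certificate.
func NewFrontEnd(backend *httptest.Server, reencrypt bool) *httptest.Server {
	target, err := url.Parse(backend.URL)
	if err != nil {
		log.Fatal(err)
	}
	rp := httputil.NewSingleHostReverseProxy(target)

	// Having decrypted the client's traffic, the device can read the request
	// (this is what makes content switching possible) and annotate it.
	director := rp.Director
	rp.Director = func(req *http.Request) {
		director(req)
		req.Header.Set("X-Forwarded-Proto", "https")
	}

	if reencrypt {
		// Trust only the back end's own certificate, so the internal hop is
		// authenticated as well as encrypted.
		pool := x509.NewCertPool()
		pool.AddCert(backend.Certificate())
		rp.Transport = &http.Transport{
			TLSClientConfig: &tls.Config{RootCAs: pool},
		}
	}
	return httptest.NewTLSServer(rp)
}

// Fetch plays the browser: one HTTPS request to the accelerator, returning the
// back end's report of what it saw on the internal hop.
func Fetch(front *httptest.Server) (string, error) {
	resp, err := front.Client().Get(front.URL)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

// Compare builds both deployments and returns the back end's view of each:
// a plain terminator (clear-text hop) and a re-encrypting device (TLS hop).
func Compare() (terminator, reencrypting string, err error) {
	plainBackend := httptest.NewServer(http.HandlerFunc(backendHandler))
	defer plainBackend.Close()
	tlsBackend := httptest.NewTLSServer(http.HandlerFunc(backendHandler))
	defer tlsBackend.Close()

	term := NewFrontEnd(plainBackend, false)
	defer term.Close()
	reenc := NewFrontEnd(tlsBackend, true)
	defer reenc.Close()

	if terminator, err = Fetch(term); err != nil {
		return
	}
	reencrypting, err = Fetch(reenc)
	return
}

func main() {
	term, reenc, err := Compare()
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("terminating accelerator:  ", term)
	fmt.Println("re-encrypting accelerator:", reenc)
}
```

Run it with `go run`: the terminating deployment reports `hop=cleartext client=https` (the back end never saw a cipher, only the header saying the client did), while the re-encrypting deployment reports `hop=tls client=https`. The check worth carrying into a real evaluation is the RootCAs pool in the re-encrypting branch: a device that re-encrypts but skips certificate verification on the internal hop protects against eavesdropping on that segment yet not against something impersonating your Web server, which is not the end-to-end assurance a bank or government buyer is paying for.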
Room to Grow
Scalability of external devices is a given. Either they provide mechanisms for adding devices, or a load-balancing solution in front of them does the job. Generally speaking, having room to grow isn't as much of an issue as it is with internal devices.
For example, PCI cards are limited not only by the number of available PCI slots, but also by the type of PCI slot available. A look at the specs of the products we tested shows that iVea Technologies' card requires a 3.3V PCI slot. It will not work in a 5V slot. A quick survey of server vendors, such as Hewlett-Packard and Sun Microsystems, revealed that most PCI slots are 5V, because most cards spec out at 5V. Sure, you can order your server with more 3.3V than 5V slots, but this requires foresight. The two servers in our tests each had only one 3.3V slot. All the others were 5V. The scalability of your PCI-based accelerator will be limited if it supports only a 3.3V slot.
We invited vendors Accelerated Encryption Processing (AEP), Alteon, CacheFlow, Compaq Computer Corp., F5, Intel Corp., Ingrian Systems, iVea Technologies (a division of Rainbow Technologies), nCipher Corp. and SonicWall to strut their SSL accelerator stuff. Ingrian declined to participate, citing a lack of resources. Newcomer AEP (www.aep.ie) brought us its PCI card, the AEP1000, and showed us some phenomenal performance at the card level. We were uncomfortable testing the product so early in the beta phase, however (the firmware still had to be loaded via a serial port). In addition to the nForce offering, British firm nCipher sent along a SCSI-based accelerator, but because of time constraints we were unable to obtain testing equipment with external SCSI adapters. We have reviewed nCipher's SCSI-based solution in the past but hadn't yet seen the company's PCI card in action, so we were happy to test that solution instead. In addition, iVea released last month (too late to test) its CryptoSwift 1000, which the company says offers on-board key storage.
After drilling the vendors about security and scalability, we picked a winner in each of the two categories. iVea's CryptoSwift EN 2000 took the lead in the internal category. Providing better scalability options than the strictly PCI-based solutions and offering excellent platform support, the EN 2000 was outperformed only by the Compaq AXL300 Accelerator PCI Card; this did not surprise us, since the AXL300 supports only the Compaq platform and is optimized for Compaq servers. Among PCI solutions, nCipher's nForce 300 Secure E-Commerce Accelerator showed us the tightest security regarding key management and access to keys and certificates -- at an excellent price -- but performance and scalability limitations denied it the top spot. The iVea CryptoSwift 600 PCI card did an acceptable job of increasing performance, but scalability and management are still an issue for this product, as they are with most internal PCI-based solutions.
Alteon WebSystems' iSD 2.0 SSL Accelerator is our pick in the external device category. It offers phenomenal performance, management and scalability, and only F5's offering came close to the top spot. The only tarnish on the iSD's prize involves the device's yet-unproven interoperability. While the iSD 2.0 is designed to be open, it has been verified to work only with Alteon switches, such as the AceDirector 4. Fortunately, an "in-line" configuration for the iSD 2.0 is possible, offering the same sort of drop-and-go architecture provided by the other products. This configuration places the device between the client and the server, in much the same configuration as a transparent proxy or load-balancing solution. All the devices performed well, but Alteon's and F5's offerings really know how to process SSL traffic.
Intel provides the broadest cryptographic support, offering the IDEA (International Data Encryption Algorithm) and Blowfish ciphers in addition to the traditionally supported RSA-based cipher suites. CacheFlow provides re-encryption of back-end Web server connections -- the only other product supporting this option is the iSD 2.0. This is a must for industries with stringent security standards. Does this defeat the purpose of appliance-based SSL accelerators? Not necessarily. Front-ending a system with an appliance still lets it support a higher number of connections per second, even though the Web server's remaining cryptographic work on the re-encrypted hop will increase the average time of a transaction. CacheFlow also offers caching services, a definite plus and something no other product in this market offers.