Network Computing is part of the Informa Tech Division of Informa PLC


Shopping For An SSL Accelerator: Page 2 of 3

The catch, though, is that external devices don't take key management as seriously as internal devices do. nCipher Corp.'s products, for example, offer secure key management and cryptographic acceleration. External, network-based devices generally store certificate keys on a hard drive on the device in a rather nonsecure fashion. Although it's difficult to access the keys on an external device, if your security policies stringently require a secure key management solution, you'll want to turn your attention to an internal solution. Why? Because if your keys are stored on the hard drive of an external SSL accelerator and it is broken into, you lose. Your keys have been compromised, and now the "bad guys" may be able to decrypt that SSL traffic. If the keys are stored securely in an HSM (Hardware Security Module), such as that offered by nCipher or Rainbow, you've added another layer of protection.
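One way to check for the exposure described above, private keys sitting on a disk in the clear: this added example (not from the original article or from any vendor) walks a directory, finds PEM private keys, and flags those stored unencrypted or readable beyond the owner. The file names and key bodies in `demo()` are constructed placeholders; DER-encoded keys and vendor-specific key stores are out of scope.

```python
import os
import stat
import tempfile

# PEM labels of private keys; this group carries no PKCS#8 encryption wrapper.
KEY_LABELS = ("-----BEGIN RSA PRIVATE KEY-----", "-----BEGIN EC PRIVATE KEY-----",
              "-----BEGIN PRIVATE KEY-----")
PKCS8_ENCRYPTED = "-----BEGIN ENCRYPTED PRIVATE KEY-----"
LEGACY_ENCRYPTED = "Proc-Type: 4,ENCRYPTED"  # header of a traditional encrypted PEM key

def classify_key_file(path):
    """Return findings for a PEM private key file, or None if it holds no key."""
    try:
        info = os.lstat(path)
        if not stat.S_ISREG(info.st_mode):  # skip FIFOs, sockets, symlinks
            return None
        with open(path, "r", errors="replace") as fh:
            text = fh.read(65536)
    except OSError:
        return None
    if PKCS8_ENCRYPTED in text:
        encrypted = True
    elif any(label in text for label in KEY_LABELS):
        encrypted = LEGACY_ENCRYPTED in text
    else:
        return None
    loose = bool(info.st_mode & (stat.S_IRGRP | stat.S_IROTH))
    return {"name": os.path.basename(path), "encrypted": encrypted,
            "readable_by_others": loose}

def audit_tree(root):
    """Walk root and report every private key found on disk."""
    paths = [os.path.join(d, n) for d, _, names in os.walk(root) for n in sorted(names)]
    return [f for f in map(classify_key_file, paths) if f is not None]

def demo():
    """Audit three constructed files (placeholder bodies, not real keys)."""
    samples = {
        "site.key": ("-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n", 0o644),
        "wrapped.key": ("-----BEGIN ENCRYPTED PRIVATE KEY-----\nCONSTRUCTED\n", 0o600),
        "site.crt": ("-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n", 0o644),
    }
    with tempfile.TemporaryDirectory() as root:
        for name, (body, mode) in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, mode)
        return audit_tree(root)
```

Call `audit_tree()` on the directory where a server or appliance export keeps its key files; any entry with `encrypted` false is a key that anyone who reads the disk can use directly.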

Performance & Functionality



[Figure: What Kind of Accelerator Do You Need?]

There are differences between internal and external devices in terms of the performance increases achieved by each. Cryptographic accelerators are rated in terms of "transactions per second." But don't be fooled; the term transactions in this context refers to 128-bit RSA operations on 1 KB of data. Secure pages via the Web are typically smaller than your average unencrypted page. However, they are almost never as small as 1 KB, and they require more than one RSA operation to complete.

Interestingly enough, an external device can achieve the transaction rates claimed by the vendor--it happened right here in our Green Bay, Wis., Real-World Labs®. But internal devices tend to achieve much lower rates than are claimed. A good rule of thumb is to halve the number of transactions per second claimed by the vendor for an internal SSL acceleration device.