|By Lori MacVittie||
|October 23, 2012 07:45 AM EDT||
Fat apps combined with SSL Everywhere strategies suggest a need for more powerful processing in the application delivery tier
According to Netcraft, who tracks these kinds of things, SSL usage has doubled from 2008 and 2011. That's a good thing, as it indicates an upswing in adherence to security best practices that say "SSL Everywhere" just makes good sense.
The downside is overhead, which despite improvements in processing power and support for specific cryptographic processing in hardware still exists. How much overhead is more dependent on the size of data and the specific cryptographic algorithms chosen. SSL is one of those protocols that has different overhead and impacts on performance based on the size of the data. With data less than 32kb, overhead is primarily incurred during session negotiation. After 32kb, bulk encryption becomes the issue.
The problem is that a server is likely going to feel both, because it has to negotiate the session and the average response size for web applications today is well above the 32kb threshold, with most pages serving up 41kb in HTML alone – that's not counting scripts, images, and other objects.
It turns out that about 70% of the total processing time of an HTTPS transaction is spent in SSL processing. As a result, a more detailed understanding of the key overheads within SSL processing was required. By presenting a detailed description of the anatomy of SSL processing, we showed that the major overhead incurred during SSL processing lies in the session negotiation phase when small amount of data are transferred (as in banking transactions). On the other hand, when the data exchanged in the session crosses over 32K bytes, the bulk data encryption phase becomes important.
An often overlooked benefit of improvements in processing power is that just as it helps improve processing of SSL on servers, so too do such improvements help boost the processing of SSL on intermediate devices such as application delivery controllers. On such devices, where complete control over the network and operating system stacks is possible, even greater performance benefits are derived from advances in processing power. Those benefits are also seen in other processing on devices such as compression and intelligent traffic management.
But also a benefit of more processing power and improvements in core bus architectures is the ability to do more with less, which enables consolidation of application delivery services on to a shared infrastructure platform like BIG-IP. From traffic management to acceleration, from network to application firewall services, from DNS to secure remote access – hardware improvements from the processor to the NIC to the switching backplane offer increased performance as well as increased utilization across multiple functions which, in and of itself, improves performance by eliminating multiple hops in the application delivery chain. Each hop removed improves performance because the latency associated with managing flows and connections is eliminated.
Introducing BIG-IP 4200v
The BIG-IP 4200v hardware platform takes advantage of this and the result is better performance with a lower power footprint (80+ Gold Certified power supplies) that improves security across all managed applications. Consolidation further reduces power consumption by eliminating redundant services and establishes a strategic point of control through which multiple initiatives can be realized including unified secure remote access, an enhanced security posture, and increased server utilization by leveraging offload services at the application delivery tier.
A single, unified application delivery platform offers many benefits, not the least of which is visibility into all operational components: security, performance, and availability.
BIG-IP 4200v supports provisioning of BIG-IP Analytics (AVR) in conjunction with other BIG-IP service modules, enabling breadth and depth of traffic management analytics across all shared services.
This latest hardware platform provides mid-size enterprises and service providers with the performance and capacity required to implement more comprehensive application delivery services that address operational risk.
May. 23, 2015 09:00 PM EDT Reads: 4,941
May. 23, 2015 09:00 PM EDT Reads: 4,642
May. 23, 2015 08:00 PM EDT Reads: 1,770
May. 23, 2015 07:00 PM EDT Reads: 1,301
May. 23, 2015 07:00 PM EDT Reads: 3,995
May. 23, 2015 05:00 PM EDT Reads: 2,103
May. 23, 2015 04:00 PM EDT Reads: 4,668
May. 23, 2015 02:00 PM EDT Reads: 4,013
May. 23, 2015 02:00 PM EDT Reads: 6,224
May. 23, 2015 01:00 PM EDT Reads: 6,742
May. 23, 2015 01:00 PM EDT Reads: 925
May. 23, 2015 12:00 PM EDT Reads: 1,704
May. 23, 2015 12:00 PM EDT Reads: 1,658
May. 23, 2015 12:00 PM EDT Reads: 1,792
May. 23, 2015 11:30 AM EDT Reads: 2,313
May. 23, 2015 11:15 AM EDT Reads: 1,620
May. 23, 2015 11:00 AM EDT Reads: 5,439
May. 23, 2015 11:00 AM EDT Reads: 3,777
May. 23, 2015 10:00 AM EDT Reads: 2,884
SYS-CON Events announced today that the "First Containers & Microservices Conference" will take place June 9-11, 2015, at the Javits Center in New York City. The “Second Containers & Microservices Conference” will take place November 3-5, 2015, at Santa Clara Convention Center, Santa Clara, CA. Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities.
May. 23, 2015 10:00 AM EDT Reads: 1,769