A Hybrid Virtual/Dedicated Model For SSL/TLS Offloading

May 26, 2021

In virtualized environments, SSL/TLS data encryption is commonly used to secure mission-critical and sensitive data as it transits to remote users and shared networks. Virtual application delivery controllers (ADCs) are also frequently deployed to provide SSL offloading from servers (reducing their load and thus improving performance) as well as application acceleration, load balancing across links, servers and global data centers, and Web/application security.

However, SSL/TLS offloading in a virtualized environment presents several key hurdles for virtual ADCs: Software-based performance is typically much lower than that of hardware-based (i.e. dedicated) ADC appliances – and if other virtual machines are sharing the same CPU, resource contention can further reduce performance. Also, to be effective, the ADC must be able to gain the information needed (from clear text) for intelligent application routing, filtering and/or server persistence – and this requires even more processing power.

Scaling can also be problematic. Sure, you can throw more virtual ADCs into the mix, but it will add both cost and setup/management complexity to the equation.

When you need to ensure SSL/TLS performance through SSL offloading, and scaling is also a concern, consider a hybrid virtual/dedicated model. This model combines the flexibility and low cost of virtual ADCs with the raw horsepower of our dedicated APV Series appliances – which can support up to 4 million SSL/TLS connections/sections and up to 25 Gbps encrypted data throughput per unit.

See our SSL Offloading and Acceleration in Virtualized Environments white paper for a complete description of how the hybrid virtual/dedicated model works, key features, key benefits and more.

Roland Hsu