Public key, SSL on the Brocade Virtual ADX, SSL termination mode – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual


Brocade Virtual ADX Security Guide


53-1003250-01


Public key

The other half of a key pair, a public key is held in a digital certificate. Public keys are usually published in a directory. Any public key can encrypt information; however, data encrypted with a specific public key can only be decrypted by the corresponding private key.

NOTE

We recommend that you always back up your SSL certificate keys. These keys may be lost in the event of module failure.

SSL on the Brocade Virtual ADX

The Brocade Virtual ADX SSL module provides software-based encryption and decryption services to clients. The Brocade Virtual ADX sits between clients and servers, and all client traffic is terminated on the Brocade Virtual ADX. When traffic is decrypted, the Brocade Virtual ADX analyzes the data and selects a server where the connection traffic can be forwarded. The Brocade Virtual ADX then opens a new connection to the server and passes all data to this server. On the return path, the Brocade Virtual ADX receives all data from the server, encrypts it, and forwards it to the client. For every incoming connection from the client, the Brocade Virtual ADX maintains an additional connection to the server. Both connections are completely separate. The Brocade Virtual ADX essentially acts as a proxy.

SSL on the Brocade Virtual ADX version 3.0 can be configured to operate in the following mode:

SSL Termination Mode: In SSL Termination mode, an SSL connection is maintained between a client and a Brocade Virtual ADX. The connection between the Brocade Virtual ADX and the server is not encrypted.

For details on how to configure a Brocade Virtual ADX for SSL Termination mode, see “Configuring Real and Virtual Servers for SSL Termination Mode” on page 133, and for examples of how to create the configurations shown in this section, see “Configuration examples for SSL Termination Mode” on page 134.

SSL Termination Mode

In SSL Termination Mode, the Brocade Virtual ADX terminates the SSL connections, decrypts the data, and sends clear text to the server. The Brocade Virtual ADX performs all SSL encryption and decryption operations in software, inline with packet processing.

The Brocade Virtual ADX maintains an encrypted data channel with the client and a clear-text data channel with the server.

Figure 6 shows a topology that terminates SSL on the Brocade Virtual ADX.

FIGURE 6 Brocade Virtual ADX SSL Termination
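As an added illustration of the two-connection model this section describes (example code, not Brocade's), the Python below shows the core of a minimal SSL termination proxy: the TLS handshake completes on the proxy, a separate clear-text TCP connection is opened to the real server, and application bytes are bridged between the two legs. The certificate and key paths, the listener and the backend address are assumptions.

```python
import selectors
import socket
import ssl

def client_side_context(cert_file: str, key_file: str) -> ssl.SSLContext:
    """TLS context for the client-facing leg. The proxy holds the private key
    here, which is why the guide tells you to back the SSL keys up."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(cert_file, key_file)  # placeholder paths
    return ctx

def relay(client_leg, server_leg, bufsize: int = 4096) -> dict:
    """Bridge two independent connections byte-for-byte. client_leg is the
    decrypted client-side socket (plain sockets also work, for testing);
    server_leg is the clear-text backend socket, so every byte written to it
    is visible on that segment. Returns bytes moved in each direction."""
    counts = {"client_to_server": 0, "server_to_client": 0}
    peers = {client_leg: (server_leg, "client_to_server"),
             server_leg: (client_leg, "server_to_client")}
    sel = selectors.DefaultSelector()
    for leg in peers:
        sel.register(leg, selectors.EVENT_READ)  # blocking sockets, select only
    open_legs = len(peers)
    while open_legs:
        for key, _ in sel.select():
            src = key.fileobj
            dst, direction = peers[src]
            data = src.recv(bufsize)
            if data:
                dst.sendall(data)
                counts[direction] += len(data)
                continue
            sel.unregister(src)  # this leg hit EOF
            open_legs -= 1
            if isinstance(dst, ssl.SSLSocket):
                open_legs = 0  # a TLS leg cannot be half-closed cleanly: tear down
            else:
                dst.shutdown(socket.SHUT_WR)  # propagate the client's EOF to the backend
    return counts

def terminate_one(listener: socket.socket, ctx: ssl.SSLContext, backend) -> dict:
    """Accept one client, complete the TLS handshake on the proxy itself, open
    a separate clear-text TCP connection to the backend, and bridge the two."""
    raw, _ = listener.accept()
    with ctx.wrap_socket(raw, server_side=True) as client_leg, \
            socket.create_connection(backend) as server_leg:
        return relay(client_leg, server_leg)
```

Because the server leg is plain TCP, anything that can sniff the segment between the proxy and the real server sees the same application data the client sent over TLS; that segment needs its own controls.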
