Public key, Ssl acceleration on the serveriron adx, Ssl termination mode – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual


ServerIron ADX Security Guide


53-1002440-03


Public key

The other half of a key pair, a public key is held in a digital certificate. Public keys are usually
published in a directory. Any public key can encrypt information; however, data encrypted with a
specific public key can only be decrypted by the corresponding private key.

NOTE

We recommend that you always back up your SSL certificate keys. These keys may be lost in the
event of module failure.

SSL acceleration on the ServerIron ADX

The ServerIron ADX SSL module provides hardware-accelerated encryption and decryption services
to clients. The ServerIron ADX sits between clients and servers, and all client traffic is terminated on
the switch. Once traffic is decrypted, the ServerIron ADX analyzes the data and selects a server
to which the connection traffic can be forwarded. The ServerIron ADX then opens a new connection to
the server and passes all data to this server. On the return path, the ServerIron ADX receives all
data from the server, encrypts it, and forwards it to the client. For every incoming connection from
the client, the ServerIron ADX maintains an additional connection to the server. Both connections
are completely separate. The ServerIron ADX essentially acts as a proxy.

SSL acceleration on the ServerIron ADX can be configured to operate in either of the following two
modes:

SSL Termination Mode – In SSL Termination mode, an SSL connection is maintained between
a client and a ServerIron ADX. The connection between the ServerIron ADX and the server is
not encrypted.

SSL Full Proxy Mode – In SSL Full Proxy mode, one SSL connection is maintained between a
client and a ServerIron ADX and a separate SSL connection is maintained between a
ServerIron ADX and a server. This connection allows for traffic encryption to be maintained all
the way from the client to the server and back.

For details on how to configure a ServerIron ADX for SSL Termination and Proxy modes, see
"Configuring Real and Virtual Servers for SSL Termination and Proxy Mode" (page 172), and for
examples of how to create the configurations shown in this section, see "Configuration Examples
for SSL Termination and Proxy Modes" (page 176).

SSL Termination Mode

In this mode, the ServerIron ADX terminates the SSL connections, decrypts the data, and sends
clear text to the server. The ServerIron ADX offloads the encryption and decryption services from
the server CPU and performs them in hardware.

The ServerIron ADX maintains an encrypted data channel with the client and a clear-text data
channel with the server.

Figure 9 shows a topology that terminates SSL on the ServerIron ADX.

FIGURE 9 ServerIron ADX SSL Termination
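The two modes differ on the ServerIron ADX-to-server leg: clear text in SSL Termination mode, SSL/TLS in SSL Full Proxy mode. The Python sketch below is an added example, not taken from the Brocade manual; it classifies the first payload of captured server-side connections and lists those that do not match the intended mode. The function names, server addresses and payloads are constructed for illustration.

```python
import struct

TLS_HANDSHAKE = 0x16     # TLS record content type: handshake
TLS_CLIENT_HELLO = 0x01  # handshake message type: ClientHello
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ",
                b"OPTIONS ", b"PATCH ")

# Traffic each mode should show between the ADX and the real server.
EXPECTED = {"termination": "cleartext-http", "full-proxy": "tls"}


def classify_first_bytes(payload: bytes) -> str:
    """Classify the first payload sent toward a real server."""
    # Record header: type(1) version(2) length(2), then handshake type(1).
    if (len(payload) >= 6 and payload[0] == TLS_HANDSHAKE
            and payload[1] == 0x03 and payload[2] <= 0x04):
        (record_len,) = struct.unpack("!H", payload[3:5])
        if 0 < record_len <= 16384 and payload[5] == TLS_CLIENT_HELLO:
            return "tls"
    if payload.startswith(HTTP_METHODS):
        return "cleartext-http"
    return "unknown"


def audit_backend_leg(flows, mode):
    """Return (server, observed) for flows that do not match the mode."""
    findings = []
    for server, payload in flows:
        observed = classify_first_bytes(payload)
        if observed != EXPECTED[mode]:
            findings.append((server, observed))
    return findings


# Constructed sample: first payload of two server-side connections.
SAMPLE_FLOWS = [
    # Minimal record header plus ClientHello type byte (not a full hello).
    ("192.0.2.10:443", bytes.fromhex("16 03 01 00 05 01 00 00 01 00")),
    ("192.0.2.11:80", b"GET /index.html HTTP/1.1\r\nHost: app.example\r\n\r\n"),
]

if __name__ == "__main__":
    for mode in EXPECTED:
        print(mode, audit_backend_leg(SAMPLE_FLOWS, mode))
```

A non-HTTP clear-text protocol is reported as "unknown" and appears in the findings for either mode, so it gets a manual look.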
