Data Center SSL offload
Data center SSL offload is a communication method in which all HTTPS traffic is terminated at the load balancer (LB), and all communication behind it (inside the data center) is non-HTTPS. This relieves data center servers of the continuous encryption and decryption of HTTPS traffic: decryption is offloaded to a separate device designed specifically to perform SSL termination (the LB). As such, data center SSL offload is not supported on consolidated environments and requires an LB to be deployed.
Load balancer external and internal addresses
When Data Center SSL Offload is enabled, the system supports the use of separate external and internal load balancer addresses:
- The external address is used for HTTPS communication between desktops or site servers and the load balancer, and creates a single point of access to the data center.
- The internal address is used for HTTP communication between the data center servers and the load balancer.
Separating the addresses is optional, and the same address may be used for both internal and external communication. However, because communication to the external address is over HTTPS and communication to the internal address is over HTTP, it is recommended to use separate addresses in different network segments, or to carefully restrict access to the non-HTTPS port so that only data center servers can reach it.
Data Center SSL offload data flow
The following table lists the communication method used in each system flow between a source and a target.
| Source | Target | Communication | Comments |
|---|---|---|---|
| Desktop | LB | HTTPS | LB external address is used |
| DC server | LB | HTTP | LB internal address is used |
| DC server | DC server | HTTP | |
| Site server | LB | HTTPS | LB external address is used |
| Site server | DC server | N/A | Site servers communicate through the LB |
| Desktop/Application server | HTTPS enabled site | HTTPS | |
| Desktop/Application server | HTTPS disabled site | HTTP | |
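As an added example (not part of the product documentation), the following Python script audits observed flows against the flow table and the recommendation to keep the non-HTTPS internal address reachable by data center servers only. The addresses, the segment, and the function names are constructed assumptions, and the script assumes separate external and internal LB addresses.

```python
import ipaddress

# Constructed addressing for illustration (assumptions, not from the page).
LB_EXTERNAL = ipaddress.ip_address("203.0.113.10")  # HTTPS: desktops, site servers
LB_INTERNAL = ipaddress.ip_address("10.20.0.10")    # HTTP: data center servers only
DC_SEGMENT = ipaddress.ip_network("10.20.0.0/24")   # DC servers and LB internal side


def audit_flow(src, dst, scheme):
    """Return the flow-table violation for one observed flow, or None if allowed."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    scheme = scheme.upper()
    from_dc = src in DC_SEGMENT
    if dst == LB_EXTERNAL:
        # Desktop or site server -> LB: HTTPS only on the external address.
        return None if scheme == "HTTPS" else "cleartext to LB external address"
    if dst == LB_INTERNAL:
        # DC server -> LB: HTTP is expected, but only from the DC segment.
        if not from_dc:
            return "non-DC source reached LB internal address"
        return None if scheme == "HTTP" else "unexpected scheme on LB internal address"
    if dst in DC_SEGMENT:
        # DC server -> DC server is HTTP; all other sources must go through the LB.
        if not from_dc:
            return "direct access to DC server bypasses the LB"
        return None if scheme == "HTTP" else "unexpected scheme between DC servers"
    return None  # Destination is out of scope (site traffic is not modeled here).


# Constructed flow records: (source, destination, scheme).
SAMPLE_FLOWS = [
    ("198.51.100.7", "203.0.113.10", "HTTPS"),  # desktop -> LB external
    ("10.20.0.21", "10.20.0.10", "HTTP"),       # DC server -> LB internal
    ("10.20.0.21", "10.20.0.22", "HTTP"),       # DC server -> DC server
    ("198.51.100.7", "203.0.113.10", "HTTP"),   # desktop using cleartext
    ("192.0.2.50", "10.20.0.10", "HTTP"),       # site server on internal address
    ("192.0.2.50", "10.20.0.22", "HTTP"),       # site server bypassing the LB
]


def audit(flows):
    """Return (flow, finding) pairs for every flow that violates the table."""
    return [(f, v) for f in flows if (v := audit_flow(*f)) is not None]


if __name__ == "__main__":
    for flow, finding in audit(SAMPLE_FLOWS):
        print(flow, "->", finding)
```

When the same address serves both roles, the check would need to key on the listener port rather than the destination address.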
Load Balancer(LB) (Technologies, Security, and Networking DRG)