With an industry deadline to adopt the 2,048-bit Secure Sockets Layer encryption standard coming at the end of...
next month, application delivery controller vendors are capitalizing on the transition.
The Certificate Authority/Browser Forum has set Jan. 1, 2014 as the deadline for Internet browsers to support 2,048-bit Secure Sockets Layer (SSL) encryption. The new standard supplants 1,024-bit SSL encryption, which can no longer be used.
Array Networks Inc., for example, retooled its APV5600 application delivery controller (ADC) to support up to 25,000 2,048-bit SSL transactions per second without raising the device's price, said Paul Andersen, Array's vice president of marketing. It's part of a strategy to target Software as a Service (SaaS) providers as prime customers that can use the mid-level ADC.
Service providers need higher level of encryption support
"If you look at one of our typical deployments, yes, they want security, they want SSL, but the numbers they support are in the thousands," he said. "It's nothing compared to a business model that is supporting millions of users. When we are talking to these SaaS providers, it's a whole new level of value proposition" and a market segment that Array wants to target.
With the new encryption standard requiring almost five times the computational power as 1,024-bit encryption, more robust ADCs are a necessity, he said.
Getting ready for tighter standards
Choosing the best certificate for your enterprise
Ensuring you're protected against hackers
Examining SSL decryption in the data center
SaaS provider YourMembership.com is using Array's 5600 platform to beef up its capacity and throughput, said Chief Technology Officer Hutch Craig. The St. Petersburg, Fla.-based SaaS provider serves more than 2,300 associations with its menu of back-office services, reaching more than 20 million users.
A lot of the provider's traffic requires secure processing, Craig said; everything from e-commerce to dues information and other sensitive data.
YourMembership.com deployed a pair of ADCs for failover protection at a data center in Orlando, Fla. They replaced two older Array ADCs that were running at more than 50% utilization each because of the volume of transactions they had to process.
"Things were getting really tough on them; the 5600s are unbelievable," Craig said. "Everything is funneled through the ADC, from the API to the actual front-end offering. We have millions of [end users] and tens of thousands of administrators that go into the box."
Craig said the 5600's SSL acceleration capabilities were a key attribute. In YourMembership.com's case, the processor-intensive steps needed to handle public-key encryption algorithms are handed off to a hardware accelerator, although the ADC has the ability to process SSL transactions without the use of separate servers.
More traffic headed in 2014
YourMembership.com will increase the amount of traffic routed through the Array ADCs next year as part of a plan to consolidate all of its data center operations in Orlando, Craig said. Right now, the provider has a data center in Austin, Texas, that serves clients YourMembership.com inherited as part of its 2012 acquisition of rival Affiniscape.
Craig said YourMembership.com will phase out the Austin data center and route all traffic to Orlando and the 5600s by next spring.
Andersen said SaaS providers are a logical target for his company's ADCs, which are priced from 30% to 40% below competitors' similarly equipped models.
"They have to support a lot more customers and they also have to be on a higher standard of SSL. At the same time, they can't afford to pay through the nose for ADC hardware," Andersen said.
The 5600 is priced beginning at $28,995; models that support hardware SSL acceleration begin at $37,995.
In addition to the 5600, Array beefed up two other models to handle the new encryption standards. The 2600 can process up to 5,000 SSL transactions per second, while the high-end 10650 can handle up to 70,000 transactions per second. All of the devices are engineered with 10 Gigabit Ethernet connectivity and multicore processing with throughput ranging from 10 Gbps to 120 Gbps, depending on the model.
In addition to Array, ADC hardware vendors A10 Networks, F5 Networks, Radware and Riverbed Technology, among others, support the new encryption standard.