Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

ASK THE EXPERT- E-Transaction Assurance

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to discuss E-Transaction Assurance with Cisco expert Jay Cedrone. Jay is a Technical Marketing Engineer for Cisco’s Content Networking Business Unit. Feel free to post any questions relating to E-Transaction Assurance.

Jay may not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through June 8. Visit this forum often to view responses to your questions and the questions of other community members.

  • Expert Corner
10 REPLIES
New Member

Re: ASK THE EXPERT- E-Transaction Assurance

How does the Cisco CSS 11000 Content Services Switch offload and process SSL Traffic when configured for One-Armed Proxy Configuration?

TIA

New Member

Re: ASK THE EXPERT- E-Transaction Assurance

The SSL One-Armed Proxy configuration can be used when the customer wants to keep SSL offloading and the Layer 5 switching on the same switch. It should only be used if the customer does not require that the client browser IP address be passed to the origin server farm. Note that in this scenario, not all SSL traffic must be redirected to the SonicWALL SSL-Rack’s. If needed, some SSL traffic can be load balanced at layer 4 to the origin servers, while SSL traffic to other VIPs can be offloaded. This dual support is important because the web application may be written in such a way that it relies on an SSL API or other code dependency. By enabling the dual functionality, the CSS 11000 / SonicWALL SSL-Rack combination allows the graceful implementation and conversion over time.

Silver

Re: ASK THE EXPERT- E-Transaction Assurance

How does the Cisco CSS 11000 Content Services Switch offload and process SSL Traffic when configured for In-Line Configuration?

New Member

Re: ASK THE EXPERT- E-Transaction Assurance

The SonicWALL SSL-Rack will intercept all port 443 traffic for those IP addresses configured on it, de-encrypt it and then forward it as in-the-clear-traffic (i.e. port 81) to the CSS 11000. All port 80 traffic will be bridged transparently to the CSS 11000. It is recommended that a port other than port 80 be chosen to support the unencrypted traffic. By keeping the ports separate, it will be possible to track usage for encrypted content, and to apply additional security to the CSS 11000 to ensure that traffic that should be encrypted will not be sent “in-the-clear” over the Internet. The CSS 11000 will not have any port 443 content rules defined since all traffic that terminates on it is de-encrypted, so all content rules for HTTP traffic can be layer 5 rules. The CSS 11000 should be configured with at least one content rule for each VIP/port combination defined in the SonicWALL SSL-Rack.

New Member

Re: ASK THE EXPERT- E-Transaction Assurance

How do I offload the demanding SSL encryption/de-encryption from my origin web servers? Does Cisco have a solution to offload this traffic?

New Member

Re: ASK THE EXPERT- E-Transaction Assurance

Yes. The Cisco/SonicWALL SSL Optimization Solution provides Web hosters, Service Providers, enterprises and e-businesses with a high-performance SSL traffic management solution that improves Web site performance and operational efficiencies for both secure and non-secure traffic. The solution features two integrated components, the Cisco CSS 11000 series content services switch (for Layer 5-7 intelligent load-balancing) and the SonicWALL SSL-Rack (for SSL decryption/encryption).

New Member

Re: ASK THE EXPERT- E-Transaction Assurance

Jay-

SSL transactions on my server are really processor intensive? Any recommendations on how to optimize SSL transactions?

TIA

New Member

Re: ASK THE EXPERT- E-Transaction Assurance

Yes, You could use an intelligent switch to load balance SSL traffic to SSL terminators that are specifically designed to optimize all SSL transactions, this would offload your servers from having to handle any SSL transactions and let them process the most important traffic that they get...the actual purchase.

New Member

Re: ASK THE EXPERT- E-Transaction Assurance

Can you explain exactly what E-Transaction Assurance is?

25
Views
0
Helpful
10
Replies
This widget could not be displayed.