One correction: doing SSL between the appliance and the backend server
is less taxing than customer->server, because the appliance can
reuse the SSL session for all requests and not create a new SSL session
(which is where the overhead is).
Appliances offer other benefits that are a little hard to do with
servers.
1. Eases management of SSL certs.
Would you like to manage 500 SSL certs on one machine or 500 machines?
2. Load balancing
The appliance can load balance the traffic to multiple web servers.
To do that at the server level would require DNS level load balancing
which has its own issues.
3. Transparent failover.
If you want to fail over customer traffic from site A to site B, the
device can do it more easily than DNS changes, in which case you are at
the mercy of the client to obey DNS.
Appliance is not really about "improved" security, it's more about
improving your system management process.
Ashish
-----Original Message-----
From: firewall-wizards-admin_at_honor.icsalabs.com
[mailto:firewall-wizards-admin_at_honor.icsalabs.com] On Behalf Of golovast
Sent: Sunday, February 05, 2006 4:41 AM
To: firewall-wizards_at_honor.icsalabs.com
Subject: RE: [fw-wiz] question on securing out-of-band management (ver. 2)
trimmed....
I wanted to ask if the people who read this list would consider using an
appliance a secure configuration? Technically, the traffic is not going
over the public network, however, obviously it's unencrypted. Is the
trade off for improvements with appliance worth it?
If so, do any of you have experience with an appliance?
I've looked at Radware, F5, ncipher..etc.
Thanks again.
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Feb 09 2006