RE: question on securing out-of-band management (ver. 2)
From: "Desai, Ashish" <Ashish.Desai () fmr com>
Date: Thu, 9 Feb 2006 11:33:17 -0500
One correction: doing SSL between the appliance and the backend server
is less taxing than customer->server, because the appliance can
reuse the SSL session for all requests and not create a new SSL session
(which is where the overhead is).
Appliances offer other benefits that are a little hard to do with
1. Eases management of SSL certs.
Would you like to manage 500 SSL certs on one machine or 500 machines?
2. Load balancing
The appliance can load balance the traffic to multiple web servers.
To do that at the server level would require DNS level load balancing
which has its own issues.
3. Transparent failover.
If you want to failover customer traffic from site A to site B, the
device can do it more easily than DNS changes, in which case you are the
of the client to obey DNS.
Appliance is not really about "improved" security; it is more about
system management process.
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of golovast
Sent: Sunday, February 05, 2006 4:41 AM
To: firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] question on securing out-of-band management (ver.
I wanted to ask if the people who read this list would consider using an
appliance a secure configuration? Technically, the traffic is not going
public network, however, obviously it's unencrypted. Is the trade off
improvements with appliance worth it?
If so, do any of you have experience with an appliance?
I've looked at Radware, F5, ncipher..etc.