Solution Brief
Nortel Networks
Alteon 8661
SSL Acceleration Module
for the Passport 8600
Alteon 8661 SSL Acceleration
Module features:
• Industry-leading SSL performance
• Centralized PKI management
• Superior scalability
• Operational simplicity
• Reduced total cost of ownership
• Rock solid reliability
• Secure content optimization
The Alteon 8661 SSL Acceleration
Module (SAM) is a high performance
Secure Sockets Layer (SSL) blade that
integrates seamlessly into any Passport
8600 to simplify secure Web-based
applications and business communications. Its ability to handle industry-leading SSL traffic volumes and
lower security costs makes it the
ideal solution for high performance
secure environments.
The Nortel Networks Alteon 8661
SSL Acceleration Module (SAM) for
the Passport 8600 Routing Switch
integrates the award-winning capabilities
of the Alteon SSL Accelerators (ASA)
with custom-built RSA ASICs to
deliver the industry’s best SSL offload
performance within a resilient chassis
architecture. The Alteon 8661SAM
intelligently accelerates secure business
transactions and confidential data by
offloading SSL processing from local
servers without imposing delays on
other traffic in the same data path. The
8661SAM simplifies server infrastructure
by securing Web-based applications,
business-critical communications, and
sensitive electronic transactions in a
more efficient manner. Purpose-built to
perform compute intensive processing
tasks, the 8661SAM seamlessly integrates
into the Passport 8600 Layer 2-7 Intelligent Routing Switch Architecture.
Secure Sockets Layer (SSL)—
The de facto security standard
Security is a paramount concern when
considering the provision of application
access and confidential data transmissions
across non-private networks—in particular
the Internet. With at least 60 percent of
vital corporate data residing on servers that
can be accessed globally, sensitive assets
can be exposed if not properly secured.
Offloads SSL processing
from servers
Application and Web servers are a significant cost component of any IT infrastructure budget. As more services and
applications continue to become Internet-enabled, the importance of securing and
optimizing these environments becomes
a top priority. SSL has the unique
ability to set up secure sessions at the
application layer between any client and
server connected to the Internet. With
today’s broad set of SSL applications,
servers continue to bear the increasing
processor load required to handle the
secure session setup, as well as the bulk
encryption duties required by the SSL
protocol. These functions can slow application servers to a crawl if many sessions
are initiated at the same time, or if a
large number of concurrent sessions are
required. The performance and financial
penalty can be significant because a
server’s real capacity drops by up to 75
percent when forced to handle secure
sessions. Alteon 8661 SSL Acceleration
Modules for the Passport 8600 offload
this expensive processing duty from
servers—to keep them running at their
optimal levels for a fraction of the cost.
Architected for performance
Secure eBusiness applications and
confidential communication exchanges
are characterized by a high rate of
new session adds that have variable
duration as users enter and retrieve
critical information.
Unlike traditional SSL proxy solutions
where TPS degrades proportionally
with throughput, the Alteon 8661 SSL
Acceleration Module (SAM) has been
architected to support environments
that require a high number of SSL
transactions per second and concurrent
sessions capacity. The 8661SAM eliminates the need to maintain information
on the TCP sessions as well as the SSL
messages and reduces processing overhead by only maintaining minimal
information on the session. This allows
the SAM blades to support
exponentially more concurrent connections and to employ high-speed packet processing techniques
that would not be possible if reassembly
were required.
The 8661SAM has custom-built hardware and software engines that provide
industry-leading real-world SSL offload performance. The SSL handshake
is accelerated in hardware by fast purpose-built RSA ASICs and by an SSL
authentication co-processor. This
architecture minimizes the CPU
resources required in establishing
secure SSL sessions, enabling very high
TPS and low latencies per handshake.
Bulk encryption and authentication are
performed in hardware without touching the resources of the CPU. This
combination enables very high TPS
to be maintained up to “real world”
network payloads.
Secure Sockets Layer (SSL) is critical for any business that wishes
A single Internet Protocol—Secure
Sockets Layer (SSL)—has quickly
become the de facto security standard on
the Internet when dealing with financial,
corporate, and personally sensitive information because of its ability to encrypt
and secure entire sessions between
computers. Due to SSL’s sophisticated
authentication schemes and encryption/
decryption algorithms, it is highly CPU-intensive and causes crippling performance strains on Web server resources.
[Chart: SSL HS/second (0 to 3500) versus Megabits throughput/second (0 to 250), with curves for "SSL 3.0, RC4, 83% reuse" and "SSL 3.0, RC4, no reuse"]
Figure 1. Alteon 8661SAM performance for
SSL 3.0, RC4 with 83% reuse is 3100 TPS, with no
reuse is 2350 TPS and bulk throughput maximum
is 260 Mbps (250 Mbps with 40KB packets).
By supporting 3,000 SSL transactions
per second (TPS), 64,000 concurrent
secure sessions, and 260 Mbps bulk
encryption throughput per module, the
8661SAM can significantly lower the
cost of securing Web-based applications
and business communications.
Decreased total cost
of ownership
The Alteon 8661 SSL Acceleration
Module delivers the best price/performance ratio in the market, which leads to
significant cost savings because it reduces
the number of Web servers required to
deliver applications and services. When
implemented in high performance data
center environments, the 8661SAM can
substantially reduce redundant recurring
digital certificate costs by moving the
certificate installations and management
functions to a single centralized device.
This improves security by providing better
protection for private keys, and lowers
operations and support costs by simplifying management and streamlining
SSL infrastructure.
to securely extend its mission-critical applications and services
beyond the confines of their internal network, and provides a
secure channel of information exchange over the Internet.
Operational simplicity
The 8661SAM delivers unparalleled
operational simplicity because it integrates seamlessly into the Passport
8600 architecture and simplifies security
management. With Single System
Image (SSI), Centralized Certificate
Management, and raw SSL Offload
performance, the 8661 delivers best-of-breed functionality within the
modular infrastructure.
The 8661SAM’s unique SSI technology
simplifies scaling by allowing for “plug-and-play” of additional blades to existing clusters.
• SSI pushes configuration and
certificates to new blades as they
are added to the cluster
• SSI allows for unified view of
certificates which dramatically
simplifies certification management
Multiple certificates not only cost
money but also add unneeded complexity. The 8661SAM allows you to
support an entire domain with a single
certificate versus having to implement
an individual certificate per real server.
As well, each 8661SAM has the SSL
management and processing capability
to replace anywhere from 5 to 25 SSL-enabled application servers. Each digital
certificate that is signed by a certificate
authority can cost hundreds of dollars
per year, and each key that is stored on
a basic Web server can be a security risk
requiring periodic support to refresh.
The 8661SAM represents a single
device to manage all of your SSL
operations, freeing unnecessary complexity from the data center infrastructure. Advanced key and certificate
management capabilities further
simplify administration.
Superior scalability
Up to four Alteon 8661SAM blades
can be clustered in a single chassis.
When utilizing the Alteon Web
Switching Module to load balance
secure HTTPS content requests to the
8661SAM cluster, a single chassis can
scale to support up to 12,000 SSL
transactions per second, 1.04 Gbps
of bulk encrypted throughput, and
256,000 concurrent sessions.
Additionally, the Passport 8600 can
support hybrid Alteon SSL implementations that enable the user to support
up to four 8661SAMs and up to 256
external Alteon SSL Appliances
(ASAs) simultaneously.
Rock solid reliability
The Passport 8600 Routing Switch
reliably delivers business-critical functions in a single scalable platform. When
Alteon 8661SAMs and Alteon Web
Switching Modules are installed in a
Passport 8600 Routing Switch, secure
content and application traffic is maintained via the Passport 8600’s industry-leading multi-level resiliency features.
The redundancy features of the Passport 8600 Layer 2-7 Routing Switch
combined with the 8661SAM provide
an extremely fault tolerant solution
for secure communications.
Secure content-based networking
The 8661SAM enables the Passport 8600
to perform content networking features
on secure sessions. This facilitates content-based load balancing, session persistence, health checking, and other Layer 7
services on previously encrypted content.
It also enables network administrators to
deploy advanced security policies like
virus scanning and intrusion detection
on secure traffic.
By seamlessly integrating and working
in concert with the Alteon Web
Switching Module within the Passport
8600, the 8661SAM offers a scalable
platform that maximizes secure eCommerce performance and extends Web
OS content-intelligent traffic management services to encrypted traffic.
Persistence for secure sessions
By being able to provide visibility of
encrypted payloads to trusted entities
within the Passport 8600 chassis, the
WSM can now use HTTP cookies to
“glue” or “stick” both HTTP and HTTPS
connections from the same user to the
same Web server—dramatically improving user experience. This solves the widespread eCommerce problem often caused
when a proxy changes a user’s IP address
during a secure payment session. Terminating the SSL session using the 8661SAM
and using HTTP cookies is far simpler and
more reliable than other methods of achieving session persistence on secure sessions.
Figure 1. Basic SSL Acceleration Module HTTPS offload example
[Diagram: Client, Internet, WSM, SAM, Load-balanced server farm]
1 Client requests secure information (HTTPS).
2 The WSM redirects all SSL traffic to the SAM.
3 The SAM performs SSL handshake and key exchange with client and then decrypts the session.
4 SAM initiates the HTTP connection to the virtual server on port 80.
5 Unencrypted HTTP sessions are load balanced by the WSM to a real server based on the configured LB Policy.
System requirements
• Occupies one slot in a Passport
8600 Routing Switch
• Passport Release Code v3.3.1
• At least one 8690/8691SF
• Alteon Web Switching Module
(running WebOS 10.0.28 or higher)
• Up to four 8661SAM blades in
the same chassis
Physical characteristics
Dimensions:
• 1.5 in (h) x 15.4 in (w) x 18.5 in (d)
• 3.8 cm (h) x 39.1 cm (w) x 47.0 cm (d)
Weight:
• 14 lbs (6.4 Kgs) approx.
Technical specifications
MTBF rating: 288,615 hours @ 25° Celsius
Input power: 80 W maximum
Maintenance port: 8-pin mini-DIN
Environmental conditions
Operating temperature: 0° to 40° C
Storage temperature: -10° to 70°
Nortel Networks Passport 8600 Layer 2-7 Intelligent Routing Switch with its industry-leading content switching and new SSL Acceleration Modules enables customers to
securely and reliably ramp up their mission-critical business transactions, providing
simplicity and flexibility in designing and managing both secure and non-secure content via a robust Layer 2-7 routing solution. With the introduction of the Alteon 8661
SSL Acceleration Modules (SAMs), Nortel Networks explicitly validates that it understands the value of concurrent security and performance in delivering Web-based
applications and communication services.
Alteon 8661SAM features
System capacity and performance
- 3,000 SSL transactions per second—12K per chassis
- 64,000 concurrent sessions—256K per chassis
- 260 Mbps bulk encryption—1.04 Gbps per chassis
- 100 server certificates supported
Hash algorithms
- Message digest 5 (MD5)
- SHA1
Cipher suites
- SSL RSA with RC4 128 MD5
- SSL RSA with RC4 128 SHA
Handshake protocol
- SSL 3.0
- SSL 3.1/TLS 1.0
- Session reuse
- Session renegotiation
Key and certificate supported
- PEM
- NET
- DER
- PKCS12
- PKCS8
- KEY (MS IIS4.0)
Scalability
- Up to four 8661SAMs per chassis
Integration
- Seamlessly integrates in the Passport 8600 with the Web Switching Module (WSM)
Simplified management
- Centralized key and certificate management
- Single System Image (SSI) for multiple blades
- Java Device Manager (JDM) support
Ordering information
DS1404070: Alteon 8661 SSL Acceleration Module (SAM) for the Passport
8600. Secures Web-based applications and business communications while enabling content networking features on
secure sessions. Features 3,000 SSL sessions per second, 260
Mbps and 64,000 concurrent connections per module.
In the United States:
Nortel Networks
35 Davis Drive
Research Triangle Park, NC 27709
USA
In Canada:
Nortel Networks
8200 Dixie Road, Suite 100
Brampton, Ontario L6T 5P6
Canada
In Caribbean and Latin America:
Nortel Networks
1500 Concorde Terrace
Sunrise, FL 33323
USA
In Europe:
Nortel Networks
Maidenhead Office Park
Westacott Way
Maidenhead Berkshire SL6 3QH
UK
In Asia:
Nortel Networks
6/F Cityplaza 4,
Taikooshing,
12 Taikoo Wan Road,
Hong Kong
www.nortelnetworks.com
For more information, contact your Nortel Networks representative, or
call 1-800-4 NORTEL or 1-800-466-7835 from anywhere in North America.
*Nortel Networks, the Nortel Networks logo, Alteon and the globemark design are trademarks of Nortel Networks.
All other trademarks are the property of their owners.
Copyright © 2003 Nortel Networks. All rights reserved. Information in this document is subject to change
without notice. Nortel Networks assumes no responsibility for any errors that may appear in this document.
GSA Schedule GS-35F-0140L
1-888-GSA-NTEL
NN103380-020703