Secure Blue: An Architecture for a Scalable, Reliable High Volume SSL Internet Server

Although there exist accelerator products to increase throughput of encrypted transactions produced by an Internet HTTP server, there are no current architectures that provide a truly coordinated and scalable solution for Secure Socket Layer (SSL) encrypted communications. This paper presents an architecture that facilitates high volume SSL Internet serving, scaling from thousands to millions of independently active SSL sessions. Reliability, availability, serviceability, and on-line error recovery requirements for such an application are also addressed in this paper. Our approach is to offload SSL set-up protocol activity, which was traditionally executed by Transaction Engines (and dedicated co-processors), to a scalable array of SSL Handshake Protocol specific servers. This significantly reduces utilization on the Transaction Engines, since SSL session set-up is a CPU intensive operation. Additionally, the actual encryption/decryption processing is offloaded as well, to a dedicated, scalable array of In-Line Encryption Engine(s). The In-Line Encryption Engine is architected in the system such that requests and responses flowing to and from the Transaction Servers are in clear text. A benefit of this arrangement is that Transaction Engines (as well as Web Accelerator Proxies) will retain the ability to cache web objects, and firewalls will retain the ability to perform packet level inspection of all traffic directed to the transaction engines. Such features have been sacrificed in prior SSL implementations.
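A small model of the split the abstract describes, added here as an illustration and not code from the paper: a handshake tier that establishes per-session keys, an in-line encryption engine that terminates the record-layer crypto, and a transaction engine that sees only clear text and can therefore serve the same object from cache across independent SSL sessions. The class names, the HMAC-based toy stream cipher standing in for the SSL record cipher, and the sample origin content are all assumptions made for the example.

```python
import hmac, hashlib, os

def keystream_xor(key, nonce, data):
    """Toy stream cipher (HMAC-SHA256 keystream) standing in for the SSL record cipher."""
    out, ctr = bytearray(), 0
    while len(out) < len(data):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, out))

class HandshakeServer:
    """Handshake tier: runs the CPU-heavy SSL set-up and keeps per-session keys."""
    def __init__(self):
        self.sessions = {}
    def establish(self, session_id):
        self.sessions[session_id] = os.urandom(32)   # constructed session key
        return self.sessions[session_id]

class TransactionEngine:
    """Transaction tier: receives clear text, so repeated objects are cacheable."""
    def __init__(self, origin):
        self.origin, self.cache, self.origin_fetches = origin, {}, 0
    def handle(self, request):
        if request not in self.cache:
            self.origin_fetches += 1
            self.cache[request] = self.origin[request]
        return self.cache[request]

class InlineEncryptionEngine:
    """Decrypts inbound records with the session key, forwards clear text to the
    transaction engine, and encrypts the response on the way back."""
    def __init__(self, handshake, engine):
        self.handshake, self.engine = handshake, engine
    def relay(self, session_id, nonce, ciphertext):
        key = self.handshake.sessions[session_id]
        request = keystream_xor(key, nonce, ciphertext).decode()
        return keystream_xor(key, nonce + b"resp", self.engine.handle(request))

def demo():
    """Two independent SSL sessions fetch the same object; the transaction engine
    goes to origin once. Returns (origin_fetches, reply seen by the last client)."""
    origin = {"GET /index.html": b"<html>hello</html>"}     # constructed content
    hs, te = HandshakeServer(), TransactionEngine(origin)
    ile, reply = InlineEncryptionEngine(hs, te), None
    for sid in (b"session-A", b"session-B"):                 # two client sessions
        key, nonce = hs.establish(sid), os.urandom(8)
        ct = ile.relay(sid, nonce, keystream_xor(key, nonce, b"GET /index.html"))
        reply = keystream_xor(key, nonce + b"resp", ct)     # client-side decrypt
    return te.origin_fetches, reply
```

Because the transaction engine handles clear text, the second session is a cache hit; in an end-to-end SSL deployment each session's request would be opaque to it and to any firewall in front of it.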

By: Ronald Mraz

Published in: RC22105 in 2001
