Secure Sockets Layer (SSL) is a cryptographic protocol that protects the digital communications between a browser and a server. SSL is the de facto standard for Internet security today and is found in software in hundreds of millions of browsers and hundreds of thousands of application servers. It is a crucial element in many Internet applications such as home banking, online trading, and consumer e-commerce. As secure servers handle more and more SSL traffic, a performance bottleneck occurs which can severely affect customer satisfaction.
The SSL protocol provides a "handshake" between a browser and a server that establishes which cryptographic algorithms will be used for that session. This handshake requires the server to perform a compute-intense exponentiation of a cryptographic key. Performing this exponentiation in software, a typical secure server is severely taxed at only a handful of SSL connections per second. The server's CPUs perform cryptographic processing with few cycles left for business processing. A successful application may have new customers waiting to connect to the server. Customers may become frustrated and go elsewhere.
The immediate recourse to the performance bottleneck is to add another application processor. This is expensive and may require that additional memory be installed. The operations and management of the server will become more complex. The preferred alternative is to offload all exponentiation processing to a special-purpose peripheral, leaving the general-purpose processor free to run the business application.
Problems and Requirements
- Accelerates SSL security processing for secure web application servers
- Adds a dedicated coprocessor to the ProLiant or HP server, offloading cycle-consuming exponentiation to overcome the performance bottleneck of SSL-secured applications
- Supports more than 600 SSL connections per second with standard web servers at a much lower cost per SSL connection per second than the competition
- Tested with Chinese Remainder Theorem (CRT) at more than 700 SSL connections per second for CRT-enabled applications
- Enabled with HP/Atalla MultiPrime™ technology to improve performance in MultiPrime™-enabled applications
- Multiple cards (up to eight in a single server) provide linear, scalable performance
- Meets PCI 2.2 specifications for fast and easy installation in ProLiant Servers
- Accelerates Netscape Enterprise Server 6 and Apache with OpenSSL 0.9.5a or later
Typical Use
- E-Commerce needs SSL security for trusted transactions
- Software that currently performs exponentiation for SSL is compute-intensive, currently solved by adding expensive additional application processors and possible memory upgrades
- Most servers strain at only a few SSL connections per second and create a bottleneck to performance
- Overall server operations become more complex
The HP/Atalla AXL600L SSL Accelerator Card brings the power of a special-purpose peripheral processor to bear on the performance bottleneck of secure Linux applications. It meets the PCI 2.2 specification and provides for easy installation and use. A typical secure server is saturated running only a handful of SSL connections per second at 100 percent CPU utilization. The AXL600L PCI offloads security processing overhead so that CPU utilization devoted to exponentiation drops to near zero. For much less than the cost of another general-purpose processor, the AXL600L SSL Accelerator Card frees the server to run the business application.
As a secure Linux application serves more customers, the AXL600L SSL Accelerator Card continues to alleviate the performance bottleneck caused by the compute-intensive exponentiation. The AXL600L SSL Accelerator Card can support more than 600 SSL connections per second using industry-standard 1024-bit RSA keys with today's standard Linux application servers. The HP/Atalla AXL600L is also enabled with Chinese Remainder Theorem (CRT) and with MultiPrime™, HP/Atalla's patented extension to RSA public key cryptography. The product has been tested at more than 700 SSL connections per second with CRT. MultiPrime™-enabled applications, such as wireless commerce, provide performance enhancements in both the server and in resource-constrained mobile devices.
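The exponentiation discussed above is the RSA private-key operation the server performs on the client's encrypted pre-master secret, and CRT replaces one full-width exponentiation with one short exponentiation per prime factor. The following Python sketch is an added example, not HP/Atalla code: all function names are hypothetical, the primes are constructed demo values, and the three-prime case is standard multi-prime RSA (the page does not describe MultiPrime's internals, so treating it as comparable is an assumption).

```python
# Added illustration: RSA private-key operation with and without CRT.
# All names are hypothetical; the primes are constructed demo values
# (Mersenne primes) and must never be used as real key material.
P, Q, R = 2**521 - 1, 2**607 - 1, 2**1279 - 1
E = 65537


def make_key(primes, e=E):
    """Build an RSA key from two or more distinct primes."""
    n, phi = 1, 1
    for p in primes:
        n *= p
        phi *= p - 1
    return {"n": n, "e": e, "d": pow(e, -1, phi), "primes": list(primes)}


def private_op_plain(key, c):
    """One full-width exponentiation: c^d mod n."""
    return pow(c, key["d"], key["n"])


def private_op_crt(key, c):
    """One short exponentiation per prime, recombined with Garner's method."""
    x, modulus = 0, 1
    for p in key["primes"]:
        # Exponent and modulus are each only as wide as this prime.
        m_p = pow(c % p, key["d"] % (p - 1), p)
        # Lift x from "mod modulus" to "mod modulus * p".
        h = ((m_p - x) * pow(modulus, -1, p)) % p
        x += modulus * h
        modulus *= p
    return x


def roundtrip(primes, secret=b"constructed pre-master secret"):
    """Encrypt as a client would, then decrypt as the server, both ways."""
    key = make_key(primes)
    m = int.from_bytes(secret, "big")
    c = pow(m, key["e"], key["n"])
    return m, private_op_plain(key, c), private_op_crt(key, c)


if __name__ == "__main__":
    for primes in ((P, Q), (P, Q, R)):
        m, plain, crt = roundtrip(primes)
        print(len(primes), "primes:", plain == m, crt == m)
```

Production CRT implementations re-check the result with the public exponent before releasing it, because a computation fault in a single per-prime branch can otherwise reveal a factor of the modulus.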
Specific Customer Characteristics
The HP/Atalla AXL600L SSL Accelerator Card is designed for ProLiant and HP server customers worldwide that take advantage of the dynamic economics of e-Commerce over the Internet and:
- Must solve the SSL server performance bottleneck
- Use a major Linux web server such as Netscape Enterprise Server, or Apache
- Want a financially justified solution with return on customer investment in less than 1 hour
- Want an easy installation in less than 30 minutes
e-Retailer
Problems and Requirements
- Revenues from e-retailing are growing at 300% CAGR
- Each new Holiday season creates a new plateau of secure transaction volume requiring peak planning to prevent loss of potential sales
- Andersen Consulting says that more than 27% of e-customers walked away from purchase decisions
- Many e-Retailers and CIOs know they have an SSL performance problem and need a successful solution within a budget
Typical Use
- Easy installation into ProLiant or HP servers without changing network topology
- Industry-leading low entry price and price performance
- Easily cost-justified by the opportunity costs of lost sales from customers leaving e-commerce site
Online Banking/Online Trading/Airlines Reservations
Problems and Requirements
- Greatly reduce operational costs if they satisfy customer needs online
- Growing secure transaction volumes hurt customer satisfaction
- Know their business and their customers well and plan ahead accordingly
- Customer contacts are the IT Director or his Operations Manager
- Will perform comprehensive research on SSL acceleration
Typical Use
- Evaluation card to demonstrate cost-effectiveness and ease of use
- Linear scaling of performance with multiple cards may be needed for ultra high volumes
ASPs & ISPs
Problems and Requirements
- If ISP/ASP owns equipment:
  - Must maintain client service level requirements
  - Very interested in reducing operating costs
- If client owns equipment:
  - ISP/ASP wants to add value in consultant role
Typical Use
- Quick and easy deployment in existing web servers
- Lowest entry price and best price performance in the industry