The ADC is the Key Master for All Things SSL/TLS


In the movies (and real life) one often needs to go through the Key Master to get to the destination. The job of the Key Master is to keep control of the access to the locks and barriers that protect important or sensitive material. Sometimes there is one key to get to the hidden rewards while other times, there is a long string of keys that must be maintained and managed. In other situations, the Key Master is more of a Key Maker, generating keys upon request.

It is good to have an important role like the Key Master, but it is essential that one is good at the role. Can you imagine asking for a key and having the Key Master spend hours digging through a box of keys trying to find the right one? Or what if the Key Master gives you a key that no longer works because the lock has been changed?

The gatekeeper of application access

The application delivery controller (ADC) is positioned to be the gatekeeper for the applications on the network. The ADC is the load balancer and reverse proxy that manages all of the client requests going to the pools of application servers behind it. This role often requires the inspection of content to make these load balancing decisions. Clients are sent to different pools of servers based on the uniform resource identifier (URI), cookies, or other types of content in the client request.

Content on the Internet and within many private networks is encrypted. Over 50% of the traffic on the Internet is encrypted and that number continues to grow. This matters for the ADC because the content must be decrypted before load balancing decisions can be made on it. This function, known as SSL offload, lets the ADC handle the encryption overhead for these secure applications in an efficient and easy-to-manage manner.


To decrypt the content and make load balancing decisions, the ADC needs a copy of the private key and certificate associated with each application. ADCs are designed to host many applications and therefore must be able to manage just as many keys.
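The three pieces described above (terminating TLS with the application's key, routing on the URI and cookies that only become visible after decryption, and re-encrypting toward the server pools) can be seen together in one reverse proxy configuration. The following nginx configuration is an added example and is not code from the original post or from Radware; the hostnames, pool addresses, certificate paths and the `pool` cookie name are placeholders.

```nginx
# Added example (not from the original post or Radware): an nginx reverse
# proxy acting as the "key master" described above. Hostnames, addresses,
# paths and the "pool" cookie name are placeholders.

# Two server pools behind the proxy (placeholder addresses).
upstream api_pool {
    server 10.0.1.10:8443;
    server 10.0.1.11:8443;
}
upstream web_pool {
    server 10.0.2.10:8443;
    server 10.0.2.11:8443;
}

# Cookie-based pool selection. The cookie is only readable after the proxy
# has decrypted the request; an unknown or missing value falls back to web_pool.
map $cookie_pool $pool_upstream {
    default  web_pool;
    "api"    api_pool;
    "web"    web_pool;
}

server {
    listen 443 ssl;
    server_name app.example.com;   # placeholder

    # SSL offload: the proxy holds the application's certificate and private
    # key. The key file should be readable only by the process owner.
    ssl_certificate     /etc/nginx/tls/app.example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/app.example.com.key;   # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Re-encrypt toward the pools and verify the servers' certificates, so
    # terminating TLS at the edge does not leave the internal leg in cleartext.
    proxy_ssl_server_name         on;
    proxy_ssl_verify              on;
    proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.crt;   # placeholder path

    # URI-based decision, likewise only possible on decrypted content.
    location /api/ {
        proxy_pass https://api_pool;
    }

    # Everything else is routed by the "pool" cookie via the map above.
    location / {
        proxy_pass https://$pool_upstream;
    }
}
```

The `map` block makes the cookie decision explicit and bounded: only the listed values select a pool, so a client cannot steer a request to an arbitrary upstream by setting the cookie. Re-encryption with `proxy_ssl_verify on` is the part most often skipped when SSL offload is configured for performance; without it, the decrypted traffic crosses the internal network in the clear.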

Fast and efficient is the ‘key’ to success

The decryption and possible re-encryption of the application data requires resources. ADCs are designed to load balance tens and hundreds of gigabits of content every second. The ADC is the high-performing reverse proxy that can support hundreds of applications and thousands of servers.

The encryption engine built into the ADC needs to match the performance of the load balancing functions. If the majority of the traffic is encrypted, then the key management and engine that performs the decryption need to match the capabilities of the rest of the ADC technology. It does not make sense to purchase an extremely fast sports car, only to have it limited by the underperforming fuel pump or inadequate suspension system.

ADCs solve this problem by optimizing their software and hardware for the decryption performance challenge. They have specialized software to make the decryption efficient, and when additional performance is required, they include hardware dedicated to the decryption and re-encryption of content.

SSL offload for all applications

The ADC can manage the keys for a business’ application encryption needs while managing the growing performance requirements for encrypted content. As the gatekeeper for the application delivery infrastructure, the ADC is the key master for all of the applications’ encryption needs. Exposing the content for making the appropriate load balancing decisions is one of the key functions that an ADC can perform when it comes to an organization’s encryption visibility needs.


Frank Yue is Director of Solution Marketing, Application Delivery for Radware. In this role, he is responsible for evangelizing Radware technologies and products before they come to market. He also writes blogs, produces white papers, and speaks at conferences and events related to application networking technologies. Mr. Yue has over 20 years of experience building large-scale networks and working with high performance application technologies including deep packet inspection, network security, and application delivery. Prior to joining Radware, Mr. Yue was at F5 Networks, covering their global service provider messaging. He has a degree in Biology from the University of Pennsylvania.

