Encryption Adds Complexity
By David Strom | Posted 2009-04-09
Today’s applications deliver content across a wide swath of Internet and local network infrastructure. Yesterday’s network tools just don’t do the job anymore.
Another complicating issue is encryption. Many enterprises are making more use of Secure Sockets Layer (SSL) protocols to encrypt traffic as it traverses the Internet—both for their own protection from potential hackers and to maintain their customers’ privacy. But this presents challenges for applications infrastructure, particularly reverse proxy servers and load balancers, which may not be designed to handle encrypted traffic.
“As more of our traffic migrates from port 80 to port 443, we’ll have to decrypt the traffic so we can inspect it as it passes through the proxies,” says Wells Fargo’s Littlejohn.
Monitoring tools also should work with encrypted traffic. “You need to get some seriously enhanced visibility on ports 80 and 443,” says David O’Berry, director of ITSS at the South Carolina Department of Probation, Parole and Pardon Services in Columbia, S.C. “Next-generation firewalls from companies like Palo Alto and the devices from companies like Blue Coat are great first and second steps down that path. Combine that with additional application intelligence with incoming and outgoing traffic, and you can get the beginnings of a solid picture.”
Another issue is being able to scale up as more users run your applications and to understand what resources are needed to support them. Here’s how EvriChart’s Maro approached this situation: “If new applications are to be fully useful in the Web 2.0 world, they have to be designed to run in a truly distributed environment, and you have to make sure that it can quickly scale, too. We host 5 million pages of scanned documents.”
Part of Maro’s success has to do with how he built his servers out of common, inexpensive components. “We can throw another pair of mirrored servers in place and handle additional growth quite easily,” he explains. “Plus, given that our most expensive server is less than $2,500, the money we spend on our hardware is less than the maintenance fees on one of our competitor’s systems.”
A number of vendors sell tools to improve network applications throughput, including Blue Coat, Citrix, F5 Networks, Juniper Networks, Radware and Riverbed Technology. It can be hard to sort out which product will work the best for your firm.