3 million users per month on a very active cart that needs SSL. What cost-effective load balancing options for SSL acceleration are there? [closed]
Solution 1:
Scale out, not up. Use a TCP-level load balancer (Linux HA is free and outscales and outperforms every proprietary solution I've ever used), and forward the SSL connections to the machines behind it and let them do the SSL stuff. No need to worry about whether an individual "SSL accelerator" can handle the connection rate because if you need more, you just bung another backend box in.
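The layout this answer describes, as an added configuration sketch that is not part of the original answer: an `ldirectord.cf` for an LVS director, assuming ldirectord from the Linux-HA project is the tool in use, which passes TCP 443 through untouched so each backend terminates SSL itself. All addresses, the health-check path and the expected response string are constructed placeholders.

```conf
# /etc/ha.d/ldirectord.cf (constructed example; addresses are placeholders)

# Global health-check behaviour
checktimeout=3        # seconds before a health check counts as failed
checkinterval=5       # seconds between health checks
autoreload=yes        # re-read this file when it changes
quiescent=no          # remove a failed backend instead of setting weight 0

# Virtual service: the director only forwards TCP, it never sees plaintext.
# Certificates and private keys live on the real servers, not on the director.
virtual=192.0.2.10:443
        # Direct-routing ("gate") backends; add a line here to scale out.
        real=10.0.0.11:443 gate 1
        real=10.0.0.12:443 gate 1
        real=10.0.0.13:443 gate 1
        protocol=tcp
        scheduler=wlc           # weighted least-connection
        # Keep a client IP on the same backend for 5 minutes so SSL session
        # resumption hits that backend's session cache and the cart session
        # stays on one box.
        persistent=300
        # Health check over HTTPS against a hypothetical status page.
        service=https
        checktype=negotiate
        request="healthz"
        receive="ok"
```

Because the private key is copied to every backend in this design, each added box widens the set of hosts that must be protected and patched to the same standard.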
Solution 2:
Open Source SSL Acceleration has a DIY Linux SSL accelerator example - see also the F5 rebuttal.
Solution 3:
On the appliance side Brocade (formerly Foundry Networks) have the ServerIron line.
Their SSL modules can do this, although the new versions they've just introduced won't have SSL for another few months.
They certainly aren't cheap (a pair of the entry level (albeit 16M sessions) non-SSL models is ~US$30k) but they're easily the most reliable equipment we've ever used, ~10 years in production and we've never even lost a power supply or port from ~20 in production. However, we don't currently use SSL as our endpoints don't support it.
Most of the SSL accelerator cards seem to have fairly lackluster driver support. Test one before deploying; many of them saturate well below host capacity.
Solution 4:
I'm a big fan of the relatively inexpensive KEMP LoadMaster series. They are full-featured load balancers with ASIC SSL offloading. They are non-OSS Linux-based appliances. Support is outstanding and the feature set keeps improving, frequently in direct response to user requests.