Kind of in regard to Eric's comments, folks like Nokia are producing
SSL enhancement devices that are specialized appliances... They sit in
front of your server cluster and basically handle a lot of the SSL
traffic. One of the key selling points by them (include Intel content
switches here too) is the reduction in the cost of server certs (ie: a
cert per server)...
if you were to run these certs on a cert server appliance wouldn't that
be just one server :)
games.
Paris Lundis
412-288-9901 x1038(Office)
412-551-9962 (Cellular) or email 4125519962IZZATmobile.att.net
[finding the future in the past, passing the future in the present]
[connecting people, places and things]
-----Original Message-----
From: Eric Gray <egrayIZZATsitesmith.com>
Date: Thu, 15 Feb 2001 13:52:17 -0800
Subject: Re: [load balancing] Verisign and Load Balancers
> I have not looked at the online application lately, but is it even
> possible to buy multiple certs?
>
> If you generate a new cert request and log in and try to buy another
> cert for yourdomain.com, something will probably choke.
>
> They could easily work around that by simply having customers mail
> checks each time a new web server is put online. Just put your
> domain
> name in the memo field of the check... cha ching.
>
> A frustrating case of some legal person familiar with software
> licensing
> (but not certs) influencing this document you reference.
>
> To top it off, anyone you speak to (sales in particular) won't
> necessarily understand the concept of a farm of idental web servers
> behind a load balancer. It is one big "logical server" in a way.
> But
> that kind of falls apart if you compare it to OS or app server
> software,
> which need to be licensed per server.
>
> If this takes off, it will become another bullet point for SSL
> acceleration outside of the web servers. Such as Ipivot or BIG-IP.
> But
> then Verisign will go, "hey, that traffic was encrypted at one time,
> so
> you still have to pay us..."
>
> Eric
>
>
> On Thu, Feb 15, 2001 at 03:36:51PM -0500, tony bourke wrote:
> > Hi All,
> >
> > I've got a question for those of you that have used Verisign and
> load
> > balancers.
> >
> > When dealing with multiple servers behind a load balancer, do you
> order
> > one cert for the entire site, or one cert for each server? I was
> always
> > under the impression that it's one cert to be used with all
> servers. Is
> > this not the case? What are y'all doing?
> >
> > Some verisuck drones are quoting this to me, out of their
> agreement:
> >
> > 4. Use Restrictions. You and your Customer are prohibited from
> using your
> > Customers Server ID (i) for or on behalf of any other organization,
> (ii)
> > to perform private or public key operations in connection with any
> domain
> > name and/or organization name other than the Customers name
> submitted by
> > you during enrollment, or (iii) on more than one server at a time.
> >
> > Take a look at part iii:
> >
> > (iii) on more than one server at a time.
> >
> > Any thoughts?
> >
> > Tony
> >
> >
> >
> >
> > --------------
> > -- ---- ---- --- - - - - - -- - - - - - - Tony Bourke
> tonyIZZATvegan.net
> >
>
This archive was generated by hypermail 2b30 : Thu Feb 15 2001 - 17:30:15 EST