Re: [load balancing] Verisign and Load Balancers

From: Paris Lundis (PLundisIZZATareaindex.com)
Date: Thu Feb 15 2001 - 17:29:14 EST

  • Next message: Nimesh Vakharia: "Re: [load balancing] Cascading switches off of a Foundry switch"

    Kind of in regard to Eric's comments, folks like Nokia are producing
    SSL enhancement devices that are specialized appliances... They sit in
    front of your server cluster and basically handle a lot of the SSL
    traffic. One of the key selling points by them (include Intel content
    switches here too) is the reduction in the cost of server certs (ie: a
    cert per server)...

    if you were to run these certs on a cert server appliance wouldn't that
    be just one server :)

    games.

    Paris Lundis
    412-288-9901 x1038(Office)
    412-551-9962 (Cellular) or email 4125519962IZZATmobile.att.net
    [finding the future in the past, passing the future in the present]
    [connecting people, places and things]

    -----Original Message-----
    From: Eric Gray <egrayIZZATsitesmith.com>
    Date: Thu, 15 Feb 2001 13:52:17 -0800
    Subject: Re: [load balancing] Verisign and Load Balancers

    > I have not looked at the online application lately, but is it even
    > possible to buy multiple certs?
    >
    > If you generate a new cert request and log in and try to buy another
    > cert for yourdomain.com, something will probably choke.
    >
    > They could easily work around that by simply having customers mail
    > checks each time a new web server is put online. Just put your
    > domain
    > name in the memo field of the check... cha ching.
    >
    > A frustrating case of some legal person familiar with software
    > licensing
    > (but not certs) influencing this document you reference.
    >
    > To top it off, anyone you speak to (sales in particular) won't
    > necessarily understand the concept of a farm of idental web servers
    > behind a load balancer. It is one big "logical server" in a way.
    > But
    > that kind of falls apart if you compare it to OS or app server
    > software,
    > which need to be licensed per server.
    >
    > If this takes off, it will become another bullet point for SSL
    > acceleration outside of the web servers. Such as Ipivot or BIG-IP.
    > But
    > then Verisign will go, "hey, that traffic was encrypted at one time,
    > so
    > you still have to pay us..."
    >
    > Eric
    >
    >
    > On Thu, Feb 15, 2001 at 03:36:51PM -0500, tony bourke wrote:
    > > Hi All,
    > >
    > > I've got a question for those of you that have used Verisign and
    > load
    > > balancers.
    > >
    > > When dealing with multiple servers behind a load balancer, do you
    > order
    > > one cert for the entire site, or one cert for each server? I was
    > always
    > > under the impression that it's one cert to be used with all
    > servers. Is
    > > this not the case? What are y'all doing?
    > >
    > > Some verisuck drones are quoting this to me, out of their
    > agreement:
    > >
    > > 4. Use Restrictions. You and your Customer are prohibited from
    > using your
    > > Customers Server ID (i) for or on behalf of any other organization,
    > (ii)
    > > to perform private or public key operations in connection with any
    > domain
    > > name and/or organization name other than the Customers name
    > submitted by
    > > you during enrollment, or (iii) on more than one server at a time.
    > >
    > > Take a look at part iii:
    > >
    > > (iii) on more than one server at a time.
    > >
    > > Any thoughts?
    > >
    > > Tony
    > >
    > >
    > >
    > >
    > > --------------
    > > -- ---- ---- --- - - - - - -- - - - - - - Tony Bourke
    > tonyIZZATvegan.net
    > >
    >



    This archive was generated by hypermail 2b30 : Thu Feb 15 2001 - 17:30:15 EST