RE: [load balancing] SCA-11000 - Experiences or Horror stories?

From: Nicholas Blasgen (
Date: Mon Apr 08 2002 - 21:18:51 EDT

  • Next message: Daniel Peterson: "Re: [load balancing] SCA-11000 - Experiences or Horror stories?"

    I know nothing about the Cisco SCA 11000 and can't find much about it on
    the web via a quick Google search either. But since you also ask about
    similar equipment, I might as well ask another set of questions.

    From my experience for general accelerators is that they all do the
    standard job of off loading SSL transactions onto their own device. Your
    webserver sends to them traffic in the clear, and they encrypt it--a
    strait forward process. So the only things to think about are:

    1) the number of new connections per second you want to handle

    2) the amount of data per second that will need on the fly encrypting

    3) the number of simultaneous connections you want to support

    You need to factor growth into this as well (as you said). The internet
    is becoming more and more SSL based.

    These are just general questions. I don't have a huge amount of
    experience with SSL accelerators, but I'd expect answering some of those
    questions may help others in finding you the best solution. Oh, and some
    SSL accelerators do offer special features that other makers don't have.
    Intel's 7115 (I think it is) offers client side certificates. I'm not
    sure of what that really is, but it's a feature. Intel's also are
    "in-line" accelerators. They have a nice hardwired failover system and
    overload function. I'm also aware of the Rainbow cards, but that's
    another solution that's a bit more expensive if you have a large farm.
    The last product I've had the chance to play with is the Netscaler SSL
    solution. They offer some interesting "bonus" features along with (or
    last I checked which hasn't been for a while) a SSL box that can be load
    balanced or put "in-line". The load balancing feature is good for even
    speed improvement. I believe there is one other company that also offers
    a SSL product that can be load balanced too (I mean evenly load balancing
    to them).

    In summary, there are a ton of products out there to meet every need and
    more. Either come up with more specific requirements (which I guess you
    did by saying SCA-11000, just I'm unable to find much info on it) or get a
    list of some SSL devices and have the companies send you competitive
    reports on each other. I'm sure each of these companies have competitive
    white papers on their competition.

    /Nicholas W. Blasgen
    (yet another unemployed network guy)

    Wow that was a long note. Ok, back to watching more e-mail for me
    today :)

    -----Original Message-----
    From: []On Behalf Of
    Mark Wiater
    Sent: Monday, April 08, 2002 4:57 PM
    To: ''
    Subject: [load balancing] SCA-11000 - Experiences or Horror stories?

    Hi all,

    Does anyone have any decent stories to tell regarding the Cisco SCA 11000
    (Secure Content Accelerator) or like equipment?

    Sounds just like what I need to migrate a few legacy things to SSL and to
    increase performance and scalability of my web farm...



    The Load Balancing Mailing List
    MRTG with SLB:
    Hosted by:

    This archive was generated by hypermail 2b30 : Mon Apr 08 2002 - 21:23:35 EDT